Re: [cifs-protocol] OPEN_ANDX undocumented flag with 19 word count response
No problem! Some information on CIFS/SMB (both the technical and legal definitions, which differ) was presented at the Sept '09 SNIA Plugfest, and it may take me a bit to obtain the presentation materials - hopefully that won't take too long. I will keep you advised! Regards, Bill Wesse MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM 8055 Microsoft Way Charlotte, NC 28273 TEL: +1(980) 776-8200 CELL: +1(704) 661-5438 FAX: +1(704) 665-9606 -Original Message- From: Zachary Loafman [mailto:zachary.loaf...@isilon.com] Sent: Thursday, December 17, 2009 12:27 PM To: Bill Wesse Cc: p...@tridgell.net; cifs-proto...@samba.org Subject: RE: OPEN_ANDX undocumented flag with 19 word count response Bill - Thanks! I apologize for not checking MS-SMB as well, woops. > -Original Message- > From: Bill Wesse [mailto:bil...@microsoft.com] > Sent: Thursday, December 17, 2009 9:25 AM > To: Zachary Loafman > Cc: p...@tridgell.net; cifs-proto...@samba.org > Subject: RE: OPEN_ANDX undocumented flag with 19 word count response > > Good morning Zachary - thanks for your questions. We have created the > following case to track our work on those: > > SRX091217600064 [MS-CIFS] OPEN_ANDX undocumented flag with 19 word > count > > I expect the lack of documentation in [MS-CIFS] concerning your > questions is due to the relationship between CIFS and SMB, and because > the flags and fields in question are SMB extensions to CIFS. I will dig > deeper into this and will update you as soon as I can. > > Here is some initial information for you concerning where the flags and > fields in question are documented: > > SRX091217600064 [MS-CIFS] OPEN_ANDX undocumented flag with 19 word > count > > The SMB_COM_OPEN_ANDX.Flags SMB_OPEN_EXTENDED_RESPONSE (0x0010) flag is > documented here: > > 2.2.10 SMB_COM_OPEN_ANDX Client Request Extension > http://msdn.microsoft.com/en-us/library/cc246255.aspx > > The WordCount value of 19 is documented here: > > 3.3.5.6 Receiving an SMB_COM_OPEN_ANDX Request (Obsolete) > http://msdn.microsoft.com/en-us/library/cc246463.aspx > > The ServerField is documented here: > > 2.2.11 SMB_COM_OPEN_ANDX Server Response Extension > http://msdn.microsoft.com/en-us/library/cc246256.aspx > > Regards, > Bill Wesse > MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM > 8055 Microsoft Way > Charlotte, NC 28273 > TEL: +1(980) 776-8200 > CELL: +1(704) 661-5438 > FAX: +1(704) 665-9606 > > -Original Message- > From: Zachary Loafman [mailto:zachary.loaf...@isilon.com] > Sent: Thursday, December 17, 2009 10:18 AM > To: Interoperability Documentation Help > Cc: p...@tridgell.net; cifs-proto...@samba.org > Subject: OPEN_ANDX undocumented flag with 19 word count response > > If the client adds a 0x10 flag in the Flags field of SMB_COM_OPEN_ANDX, > a Windows server will send back an alternate 19 WordCount response. > Neither the 0x10 flag nor the 19 WordCount response are documented in > MS-CIFS. > > Wireshark can't handle the flag or response, but netmon seems to > document it. The flag is documented as "RESP_EXTENDED_OPEN_ANDX reply", > and the reply seems to contain the MaxAccessRights (as the torture test > expects, too). Both the flag and response need to be documented, > though. > > Also, the MS-CIFS OPEN_ANDX documentation doesn't mention ServerFID, > but both netmon and wireshark think that the first ULONG worth of the > Reserved field is actually "ServerFID," whatever that is. > > I've attached a short pcap demonstrating the extended response. You can > reproduce this at will with the smbtorture RAW-OPEN test. > > -- > Zach Loafman | Staff Engineer > Isilon SystemsD +1-206-315-7570F +1-206-315-7485 > www.isilon.comP +1-206-315-7500M +1-206-422-3461 ___ cifs-protocol mailing list cifs-protocol@cifs.org https://lists.samba.org/mailman/listinfo/cifs-protocol
Re: [cifs-protocol] OPEN_ANDX undocumented flag with 19 word count response
Bill - Thanks! I apologize for not checking MS-SMB as well, woops. > -Original Message- > From: Bill Wesse [mailto:bil...@microsoft.com] > Sent: Thursday, December 17, 2009 9:25 AM > To: Zachary Loafman > Cc: p...@tridgell.net; cifs-proto...@samba.org > Subject: RE: OPEN_ANDX undocumented flag with 19 word count response > > Good morning Zachary - thanks for your questions. We have created the > following case to track our work on those: > > SRX091217600064 [MS-CIFS] OPEN_ANDX undocumented flag with 19 word > count > > I expect the lack of documentation in [MS-CIFS] concerning your > questions is due to the relationship between CIFS and SMB, and because > the flags and fields in question are SMB extensions to CIFS. I will dig > deeper into this and will update you as soon as I can. > > Here is some initial information for you concerning where the flags and > fields in question are documented: > > SRX091217600064 [MS-CIFS] OPEN_ANDX undocumented flag with 19 word > count > > The SMB_COM_OPEN_ANDX.Flags SMB_OPEN_EXTENDED_RESPONSE (0x0010) flag is > documented here: > > 2.2.10 SMB_COM_OPEN_ANDX Client Request Extension > http://msdn.microsoft.com/en-us/library/cc246255.aspx > > The WordCount value of 19 is documented here: > > 3.3.5.6 Receiving an SMB_COM_OPEN_ANDX Request (Obsolete) > http://msdn.microsoft.com/en-us/library/cc246463.aspx > > The ServerField is documented here: > > 2.2.11 SMB_COM_OPEN_ANDX Server Response Extension > http://msdn.microsoft.com/en-us/library/cc246256.aspx > > Regards, > Bill Wesse > MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM > 8055 Microsoft Way > Charlotte, NC 28273 > TEL: +1(980) 776-8200 > CELL: +1(704) 661-5438 > FAX: +1(704) 665-9606 > > -Original Message- > From: Zachary Loafman [mailto:zachary.loaf...@isilon.com] > Sent: Thursday, December 17, 2009 10:18 AM > To: Interoperability Documentation Help > Cc: p...@tridgell.net; cifs-proto...@samba.org > Subject: OPEN_ANDX undocumented flag with 19 word count response > > If the client adds a 0x10 flag in the Flags field of SMB_COM_OPEN_ANDX, > a Windows server will send back an alternate 19 WordCount response. > Neither the 0x10 flag nor the 19 WordCount response are documented in > MS-CIFS. > > Wireshark can't handle the flag or response, but netmon seems to > document it. The flag is documented as "RESP_EXTENDED_OPEN_ANDX reply", > and the reply seems to contain the MaxAccessRights (as the torture test > expects, too). Both the flag and response need to be documented, > though. > > Also, the MS-CIFS OPEN_ANDX documentation doesn't mention ServerFID, > but both netmon and wireshark think that the first ULONG worth of the > Reserved field is actually "ServerFID," whatever that is. > > I've attached a short pcap demonstrating the extended response. You can > reproduce this at will with the smbtorture RAW-OPEN test. > > -- > Zach Loafman | Staff Engineer > Isilon SystemsD +1-206-315-7570F +1-206-315-7485 > www.isilon.comP +1-206-315-7500M +1-206-422-3461 ___ cifs-protocol mailing list cifs-protocol@cifs.org https://lists.samba.org/mailman/listinfo/cifs-protocol
Re: [cifs-protocol] OPEN_ANDX undocumented flag with 19 word count response
Good morning Zachary - thanks for your questions. We have created the following case to track our work on those: SRX091217600064 [MS-CIFS] OPEN_ANDX undocumented flag with 19 word count I expect the lack of documentation in [MS-CIFS] concerning your questions is due to the relationship between CIFS and SMB, and because the flags and fields in question are SMB extensions to CIFS. I will dig deeper into this and will update you as soon as I can. Here is some initial information for you concerning where the flags and fields in question are documented: SRX091217600064 [MS-CIFS] OPEN_ANDX undocumented flag with 19 word count The SMB_COM_OPEN_ANDX.Flags SMB_OPEN_EXTENDED_RESPONSE (0x0010) flag is documented here: 2.2.10 SMB_COM_OPEN_ANDX Client Request Extension http://msdn.microsoft.com/en-us/library/cc246255.aspx The WordCount value of 19 is documented here: 3.3.5.6 Receiving an SMB_COM_OPEN_ANDX Request (Obsolete) http://msdn.microsoft.com/en-us/library/cc246463.aspx The ServerField is documented here: 2.2.11 SMB_COM_OPEN_ANDX Server Response Extension http://msdn.microsoft.com/en-us/library/cc246256.aspx Regards, Bill Wesse MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM 8055 Microsoft Way Charlotte, NC 28273 TEL: +1(980) 776-8200 CELL: +1(704) 661-5438 FAX: +1(704) 665-9606 -Original Message- From: Zachary Loafman [mailto:zachary.loaf...@isilon.com] Sent: Thursday, December 17, 2009 10:18 AM To: Interoperability Documentation Help Cc: p...@tridgell.net; cifs-proto...@samba.org Subject: OPEN_ANDX undocumented flag with 19 word count response If the client adds a 0x10 flag in the Flags field of SMB_COM_OPEN_ANDX, a Windows server will send back an alternate 19 WordCount response. Neither the 0x10 flag nor the 19 WordCount response are documented in MS-CIFS. Wireshark can't handle the flag or response, but netmon seems to document it. The flag is documented as "RESP_EXTENDED_OPEN_ANDX reply", and the reply seems to contain the MaxAccessRights (as the torture test expects, too). Both the flag and response need to be documented, though. Also, the MS-CIFS OPEN_ANDX documentation doesn't mention ServerFID, but both netmon and wireshark think that the first ULONG worth of the Reserved field is actually "ServerFID," whatever that is. I've attached a short pcap demonstrating the extended response. You can reproduce this at will with the smbtorture RAW-OPEN test. -- Zach Loafman | Staff Engineer Isilon SystemsD +1-206-315-7570F +1-206-315-7485 www.isilon.comP +1-206-315-7500M +1-206-422-3461 ___ cifs-protocol mailing list cifs-protocol@cifs.org https://lists.samba.org/mailman/listinfo/cifs-protocol
[cifs-protocol] OPEN_ANDX undocumented flag with 19 word count response
If the client adds a 0x10 flag in the Flags field of SMB_COM_OPEN_ANDX, a Windows server will send back an alternate 19 WordCount response. Neither the 0x10 flag nor the 19 WordCount response are documented in MS-CIFS. Wireshark can't handle the flag or response, but netmon seems to document it. The flag is documented as "RESP_EXTENDED_OPEN_ANDX reply", and the reply seems to contain the MaxAccessRights (as the torture test expects, too). Both the flag and response need to be documented, though. Also, the MS-CIFS OPEN_ANDX documentation doesn't mention ServerFID, but both netmon and wireshark think that the first ULONG worth of the Reserved field is actually "ServerFID," whatever that is. I've attached a short pcap demonstrating the extended response. You can reproduce this at will with the smbtorture RAW-OPEN test. -- Zach Loafman | Staff Engineer Isilon SystemsD +1-206-315-7570F +1-206-315-7485 www.isilon.comP +1-206-315-7500M +1-206-422-3461 openx_extended.pcap Description: application/cap ___ cifs-protocol mailing list cifs-protocol@cifs.org https://lists.samba.org/mailman/listinfo/cifs-protocol
