`
`Extended 2.0 Protocol SMBtrans2
`
`smb_dscnt
`smb_dsoff
`smb_dsdisp
`smb_fid
`smb_bcc
`smb_data[ ]
`
`Num ber of data bytes being sent in this buffer.
`Offset from the start of an SMB header to the data bytes.
`Byte displacem ent for these data bytes.
`Value = 0xffff. No FID in this request.
`Total bytes following including pad bytes.
`Data bytes (size = smb_dscnt).
`
`Response Form at
`smb_wct
`smb_tprcnt
`smb_tdrcnt
`smb_rsvd
`smb_prcnt
`smb_proff
`smb_prdisp
`smb_bcc
`smb_param[ ]
`
`Value = 10.
`Value = 2.
`Value = 0. No data bytes.
`Reserved. Must be zero.
`Value = 2. Param eter bytes being returned.
`Offset from the start of an SMB header to the param eter bytes.
`Value = 0. Byte displacem ent for these param eter bytes.
`Total bytes following including pad bytes.
`The param eter block for the TRANSACT2_MKDIR function response is the
`m kdir-specific return inform ation in the following form at:
`Location
`Nam e
`Meaning
`smb_param[0-1] mkdir_offerror
`Offset into FEALIST data of first error
`which occurred while
`setting
`the
`extended attributes.
`
`250
`
`Page 268 of 534
`
`X/Open CAE Specification (1992)
`Cisco -- Exhibit 1004
`
`
`
`Appendix A
`SMBTransmissionAnalysis
`
`A.1
`
`Introduction
`This appendix describes the m apping between DOS and OS/2 system calls on an SMB
`redirector, and the associated SMB requests sent from the SMB redirector to an LMX server. The
`DOS SMB redirector is assum ed to be using the core SMB protocols, and the OS/2 SMB
`redirector is assum ed to be using the LAN Manager extended SMB protocols. While an OS/2
`SMB redirector will use core SMB requests to com m unicate with a core LMX server, and a DOS
`LAN Manager client will use extended SMB requests to com m unicate with an OS/2 server, these
`situations will not be considered here.
`The m appings given here do not com pletely describe the behaviour of all SMB redirectors; they
`do not take into account various optim isations which SMB redirectors m ay do which will result
`in behaviour which differs from that described here. In particular, the extended SMB protocol
`contains a num ber of facilities which allow a redirector to im prove perform ance. These include:
`SMB chaining, opportunistic locking, caching and various specialised SMB requests, such as
`Read Block Multiplex, Write Block Multiplex, Read Block Raw and Write Block Raw. Redirectors
`which m ake use of these facilities m ay not behave exactly as described here.
`It should also be noted that the OS/2 SMB redirector and file system m ake extensive use of
`internal buffers and heuristics that m ake it difficult to determ ine an exact m apping between
`OS/2 API calls and SMB em issions. The listed API calls give an indication of which SMBs are
`sent when invoked, and where possible, an explanation is given regarding any special
`circum stances.
`DOS and OS/2 system calls which are not listed here will not norm ally result in SMB requests
`being transm itted.
`
`Protocols for X/Open PC Interworking: SMB, Version 2
`
`Page 269 of 534
`
`251
`
`Cisco -- Exhibit 1004
`
`
`
`DOS Functions
`
`SMB Transmission Analysis
`
`A.2
`
`DOS Functions
`Function Num ber DOS Function
`0x00
`Term inate Program m e
`0x05
`Print Character
`0x0d
`Reset Disk
`0x0f
`Open File (FCB I/O)
`0x10
`Close File (FCB I/O)
`0x11
`Search For First Entry
`0x12
`Search For Next Entry
`0x13
`Delete File (FCB I/O)
`0x14
`Sequential Read (FCB I/O)
`0x15
`Sequential Write (FCB I/O)
`0x16
`Create File (FCB I/O)
`0x17
`Renam e File (FCB I/O)
`0x1b
`Get Default Drive Data
`0x1c
`Get Drive Data
`0x21
`Random Read (FCB I/O)
`0x22
`Random Write (FCB I/O)
`0x23
`Get File Size (FCB I/O)
`0x27
`Random Block Read (FCB I/O)
`0x28
`Random Block Write (FCB I/O)
`0x36
`Get Disk Free Space
`0x39
`Create Directory
`0x3a
`Rem ove Directory
`0x3b
`Change Current Directory
`0x3c
`Create File Handle
`0x3d
`Open File Handle
`0x3e
`Close File Handle
`0x3f
`Read Via File Handle
`0x40
`Write Via File Handle
`0x41
`Delete Directory Entry
`0x42
`Move File Pointer
`0x43
`Set/Get File Attributes
`0x4b
`Load and Execute Program m e/Load Overlay
`0x4c
`End Process
`0x4e
`Find First File
`0x4f
`Find Next File
`0x56
`Change Directory Entry
`0x57
`Set/Get Date/Tim e of File
`0x5a
`Create Tem porary File Handle
`0x5b
`Create New File
`0x5c
`Unlock/Lock File
`0x5f
`Get Assign List Entry
`0x68
`Flush Buffer
`
`252
`
`Page 270 of 534
`
`X/Open CAE Specification (1992)
`Cisco -- Exhibit 1004
`
`
`
`SMB Transmission Analysis
`
`DOS Functions
`
`Change Current Directory
`Functionnumber
`0x3b.
`SMBsent
`SMBchkpth.
`Reason
`Change directory.
`
`Change Directory Entry
`Functionnumber
`0x56.
`SMBsent
`SMBmv.
`Reason
`Renam e file.
`
`Close File (FCB I/O)
`Functionnumber
`SMBsent
`Reason
`
`0x10.
`SMBclose.
`Close file (FCB I/O).
`
`Close File Handle
`Functionnumber
`SMBsent
`Reason
`
`Create Directory
`Functionnumber
`SMBsent
`Reason
`
`0x3e.
`SMBclose, SMBsplclose(printer device).
`Close file.
`
`0x39.
`SMBmkdir.
`Make directory.
`
`Create File (FCB I/O)
`Functionnumber
`SMBsent
`Reason
`
`0x16.
`SMBcreate.
`Create file.
`
`Create File Handle
`Functionnumber
`SMBsent
`Reason
`
`0x3c.
`SMBcreate.
`Create file.
`
`Protocols for X/Open PC Interworking: SMB, Version 2
`
`Page 271 of 534
`
`253
`Cisco -- Exhibit 1004
`
`
`
`DOS Functions
`
`SMB Transmission Analysis
`
`Create New File
`Functionnumber
`SMBsent
`Reason
`
`0x5b.
`SMBmknew.
`Create file.
`
`Delete Directory Entry
`Functionnumber
`0x41.
`SMBsent
`SMBunlink.
`Reason
`Delete file.
`
`Delete File (FCB I/O)
`Functionnumber
`SMBsent
`Reason
`
`0x13.
`SMBunlink.
`Delete file (FCB I/O).
`
`End Process
`Functionnumber
`SMBsent
`Reason
`
`Find First File
`Functionnumber
`SMBsent
`Reason
`
`Find Next File
`Functionnumber
`SMBsent
`Reason
`
`Flush Buffer
`Functionnumber
`SMBsent
`Reason
`
`0x4c.
`SMBexit.
`Exit program m e.
`
`0x4e.
`SMBsearch.
`Find first m atching filenam e.
`
`0x4f.
`SMBsearch.
`Find next m atching filenam e.
`
`0x68.
`SMBflush.
`Com m it file.
`
`254
`
`Page 272 of 534
`
`X/Open CAE Specification (1992)
`Cisco -- Exhibit 1004
`
`
`
`SMB Transmission Analysis
`
`DOS Functions
`
`Get Assign List Entry
`Functionnumber
`SMBsent
`Reason
`
`0x5f.
`SMBtcon, SMBtdis.
`Redirect device, cancel redirection.
`
`Get Default Drive Data
`Functionnumber
`0x1b.
`SMBsent
`SMBdskattr.
`Reason
`Get data on the default drive.
`
`Get Disk Free Space
`Functionnumber
`SMBsent
`Reason
`
`Get Drive data
`Functionnumber
`SMBsent
`Reason
`
`0x36.
`SMBdskattr.
`Get free space on disk.
`
`0x1c.
`SMBdskattr.
`Get data on a drive.
`
`Get File Size (FCB I/O)
`Functionnumber
`0x23.
`SMBsent
`SMBsearch.
`Reason
`File size in records.
`
`Load and Execute Program m e/Load Overlay
`Functionnumber
`0x4b.
`SMBsent
`SMBopen, SMBread, SMBclose.
`Reason
`Load/execute program m e.
`
`Move File Pointer
`Functionnumber
`SMBsent
`Reason
`
`0x42.
`SMBlseek.
`Set position in file.
`
`Protocols for X/Open PC Interworking: SMB, Version 2
`
`Page 273 of 534
`
`255
`Cisco -- Exhibit 1004
`
`
`
`DOS Functions
`
`SMB Transmission Analysis
`
`Open File (FCB I/O)
`Functionnumber
`SMBsent
`Reason
`
`Open File Handle
`Functionnumber
`SMBsent
`Reason
`
`Print Character
`Functionnumber
`SMBsent
`Reason
`
`0x0f.
`SMBopen(read/write/share set to 0xff).
`Open file (FCB I/O).
`
`0x3d.
`SMBopen, SMBsplopen(printer device).
`Open file.
`
`0x05.
`SMBsplopen, SMBsplwr, SMBsplclose.
`Printer output.
`
`Random Block Read (FCB I/O)
`Functionnumber
`0x27.
`SMBsent
`SMBread.
`Reason
`Random block read (FCB I/O).
`
`Random Block Write (FCB I/O)
`Functionnumber
`0x28.
`SMBsent
`SMBwrite.
`Reason
`Random block write (FCB I/O).
`
`Random Read (FCB I/O)
`Functionnumber
`0x21.
`SMBsent
`SMBread.
`Reason
`Random read (FCB I/O).
`
`Random Write (FCB I/O)
`Functionnumber
`0x22.
`SMBsent
`SMBwrite.
`Reason
`Random write.
`
`256
`
`Page 274 of 534
`
`X/Open CAE Specification (1992)
`Cisco -- Exhibit 1004
`
`
`
`SMB Transmission Analysis
`
`DOS Functions
`
`Read Via File Handle
`Functionnumber
`SMBsent
`Reason
`
`0x3f.
`SMBread.
`Read file.
`
`Rem ove Directory
`Functionnumber
`SMBsent
`Reason
`
`0x3a.
`SMBrmdir.
`Rem ove directory.
`
`Renam e File (FCB I/O)
`Functionnumber
`0x17.
`SMBsent
`SMBmv.
`Reason
`Renam e file.
`
`Reset Disk
`Functionnumber
`SMBsent
`Reason
`
`Search For First Entry
`Functionnumber
`SMBsent
`Reason
`
`Search For Next Entry
`Functionnumber
`SMBsent
`Reason
`
`0x0d.
`SMBflush.
`Disk reset (flush file buffers).
`
`0x11.
`SMBsearch.
`Search first m atching entry.
`
`0x12.
`SMBsearch.
`Search next m atching entry.
`
`Sequential Read (FCB I/O)
`Functionnumber
`0x14.
`SMBsent
`SMBread.
`Reason
`Sequential read (FCB I/O).
`
`Protocols for X/Open PC Interworking: SMB, Version 2
`
`Page 275 of 534
`
`257
`Cisco -- Exhibit 1004
`
`
`
`DOS Functions
`
`SMB Transmission Analysis
`
`Sequential Write (FCB I/O)
`Functionnumber
`0x15.
`SMBsent
`SMBwrite.
`Reason
`Sequential write (FCB I/O).
`
`Set/Get Date/Tim e of File
`Functionnumber
`0x57.
`SMBsent
`SMBsearch, SMBsetatr.
`Reason
`Get/set file date and tim e.
`
`Set/Get File Attributes
`Functionnumber
`0x43.
`SMBsent
`SMBsetatr.
`Reason
`Change file attributes.
`
`Term inate Program m e
`Functionnumber
`SMBsent
`Reason
`
`0x00.
`SMBexit.
`Program m e term inate.
`
`Unlock/Lock File
`Functionnumber
`SMBsent
`Reason
`
`Write Via File Handle
`Functionnumber
`SMBsent
`Reason
`
`0x5c.
`SMBlock, SMBunlock.
`Lock/Unlock file.
`
`0x40.
`SMBwrite, SMBsplwr(printer device).
`Write file.
`
`258
`
`Page 276 of 534
`
`X/Open CAE Specification (1992)
`Cisco -- Exhibit 1004
`
`
`
`SMB Transmission Analysis
`
`OS/2 Functions
`
`A.3 OS/2 Functions
`The SMB requests generated from OS/2 redirectors will vary based on the protocol dialect
`negotiated. This variation is highlighted in the sequences below by listing the SMB request that
`will be sent if the extended 1.0 dialect was negotiated first followed by the SMB request for the
`extended 2.0 dialect.
`
`DosBufReset
`SMBsent
`Reason
`
`DosChDir
`SMBsent
`Reason
`
`DosClose
`SMBsent
`Reason
`
`DosDelete
`SMBsent
`Reason
`
`DosDevIOCtl
`SMBsent
`Reason
`
`DosExecPgm
`SMB sent
`
`Reason
`
`DosFileLocks
`SMBsent
`Reason
`
`SMBflush.
`Flush file buffer.
`
`SMBchkpth.
`Change the current working directory.
`
`SMBclose, SMBwriteclose, SMBwrite.
`Close FID.
`If the file I/O is buffered, a DosClose will cause the data in the buffers to
`be flushed. This type of situation m ay cause an SMBwriteclose or
`SMBwriteto be sent.
`
`SMBunlink.
`Delete a file.
`
`SMBioctl, SMBioctls.
`Pass a device-specific I/O control request to a driver.
`
`SMBopen, SMBread, SMBclose. SMBtrans2(TRANSACT2_OPEN) m ay be
`used for the open function instead of SMBopen for the extended 2.0
`dialect.
`Start a program m e as a child process.
`DosExecPgmm akes use of OS/2’s standard file I/O functions.
`
`SMBlockSMBlockingX, SMBlockread, SMBunlock, SMBwriteunlock.
`Set or reset a byte lock range in an open file.
`An SMBwriteunlock is sent after unlocking bytes which were just written
`out. SMBlockreadis used to lock and then read ahead.
`
`Protocols for X/Open PC Interworking: SMB, Version 2
`
`Page 277 of 534
`
`259
`Cisco -- Exhibit 1004
`
`
`
`OS/2 Functions
`
`SMB Transmission Analysis
`
`DosFindClose
`SMBsent
`Reason
`
`DosFindFirst
`SMBsent
`Reason
`
`DosFindFirst2
`SMBsent
`Reason
`
`DosFindNext
`SMBsent
`Reason
`
`SMBfcloseand possibly SMBfindnclose.
`If change notification was
`Close an active directory search handle.
`involved, the SMBfindnclosewill be sent to cancel further notifications.
`
`SMBffirstor SMBtrans2(TRANSACT2_FINDFIRST).
`Find the first file in a directory m atching the search pattern.
`
`SMBtrans2(TRANSACT2_FINDFIRST). An SMBfindclosem ay follow.
`If no
`Find the first file in a directory m atching the search pattern.
`additional searchs are desired the SMBfindclose will be used to allow the
`server to free resources associated with the find.
`
`SMBffirstor SMBtrans2(TRANSACT2_FINDNEXT).
`Get the next file from the search pattern.
`If this function is used on a sufficiently large directory it will eventually
`send an SMBfindrequest.
`
`DosFindNotifyClose
`SMBsent
`Reason
`
`SMBfindnclose.
`To indicate to the LMX server that directory search requests are com plete.
`
`DosMkDir
`SMBsent
`Reason
`
`DosMove
`SMBsent
`Reason
`
`DosOpen
`SMB sent
`
`Reason
`
`SMBmkdirSMBtrans2(TRANSACT2_MKDIR).
`Create a new directory.
`
`SMBmv.
`Renam e or m ove a file.
`
`SMBopenX, SMBopen, SMBcreate, SMBreadXor
`SMBtrans2(TRANSACT2_OPEN).
`Open a device/file for I/O.
`DosOpen m ay send an SMBreadX read ahead. DosOpen will send an
`SMBopenX instead of an SMBopenwhen in protected m ode. SMBopenhas
`no capabilities for creating a file when opening, so DosOpen m ay send an
`SMBcreate.
`
`260
`
`Page 278 of 534
`
`X/Open CAE Specification (1992)
`Cisco -- Exhibit 1004
`
`
`
`SMB Transmission Analysis
`
`OS/2 Functions
`
`DosQCurDir
`SMBsent
`Reason
`
`DosQFSInfo
`SMBsent
`Reason
`
`DosQFileInfo
`SMBsent
`Reason
`
`DosQFileMode
`SMBsent
`Reason
`
`DosRead
`SMBsent
`Reason
`
`DosReadAsync
`SMBsent
`Reason
`
`DosRm Dir
`SMBsent
`Reason
`
`DosSetFileInfo
`SMBsent
`Reason
`
`SMBchkpth.
`Determ ine the current directory of a logical drive.
`
`SMBdskattror SMBtrans2(TRANSACT2_QFSINFO).
`Retrieve file system inform ation data.
`
`SMBgetattrEor SMBtrans2(TRANSACT2_QFILEINFO).
`Retrieve a file inform ation record.
`
`SMBgetatr.
`Get a file’s attribute byte.
`
`SMBread, SMBreadX, SMBreadbraw, SMBreadbmpx.
`Read characters from an FID.
`SMBreadbrawis used to send a block of data which is larger than the data
`size which was negotiated.
`
`SMBread, SMBreadX, SMBreadbraw, SMBreadbmpx.
`Read characters from an FID asynchronously.
`Sam e behaviour as DosRead.
`
`SMBrmdir.
`Delete a subdirectory.
`
`SMBsetattrE.
`Change a file’s directory inform ation.
`
`Protocols for X/Open PC Interworking: SMB, Version 2
`
`Page 279 of 534
`
`261
`Cisco -- Exhibit 1004
`
`
`
`OS/2 Functions
`
`SMB Transmission Analysis
`
`DosSetFileMode
`SMBsent
`Reason
`
`DosWrite
`SMB sent
`Reason
`
`DosWriteAsync
`SMB sent
`Reason
`
`SMBsetatr.
`Change a file’s attribute.
`
`SMBwrite, SMBwriteX, SMBwritebraw, SMBwritebmpx.
`Write characters to an FID.
`SMBwritebrawis used to send a block of data which is larger than the data
`size which was negotiated.
`
`SMBwrite, SMBwriteX, SMBwritebraw, SMBwritebmpx.
`Write characters to an FID asynchronously.
`Sam e behaviour as DosWrite.
`
`262
`
`Page 280 of 534
`
`X/Open CAE Specification (1992)
`Cisco -- Exhibit 1004
`
`
`
`Appendix B
`LANManagerRemoteAdministrationProtocol
`
`B.1
`
`Overview
`This section describes the m echanism used by LAN Manager
`rem ote
`to im plem ent
`adm inistration functions and access control lists. The protocols described here are those which
`are provided by the extended dialects. They are included here so that an im plem entor can build
`an LMX server which can handle this class of SMB redirector requests. However, their inclusion
`in this specification does not im ply any X/Open endorsem ent of these m echanism s as the basis
`for future X/Open network m anagem ent functionality.
`All adm inistrative functions in the LAN Manager are provided by a set of shared library
`routines, often referred to as LAN Manager API routines. Many of these routines have a
`servernam e argum ent which the caller uses to distinguish a local adm inistrative operation (one
`which applies to the LMX server on the local m achine) from a rem ote operation (one which
`applies to the server on another m achine).
`In the case of a rem ote operation the SMB redirector packages up its argum ents, and sends them
`to the appropriate LMX server. The LMX server then calls the corresponding LAN Manager API
`routine locally, packages the results, and sends them back to the SMB redirector. The
`m echanism resem bles a specialised, private, rem ote procedure call facility between the SMB
`redirector and the LMX server.
`
`Protocols for X/Open PC Interworking: SMB, Version 2
`
`Page 281 of 534
`
`263
`
`Cisco -- Exhibit 1004
`
`
`
`Remote API Protocol
`
`LAN Manager Remote Administration Protocol
`
`B.2
`
`Rem ote API Protocol
`1. All rem ote API operations are done using the share nam e IPC$. The SMB redirector will
`autom atically connect to that share if necessary in order to do a rem ote API call.
`2. All rem ote API operations are done using the Transaction SMB SMBtrans.
`3. The smb_name field of the Transaction SMB is always \PIPE\LANMAN. The server uses
`this to identify a rem ote API request. The SMB resem bles a norm al nam ed pipe operation,
`which is also done using a Transaction SMB. However, the smb_setup[0] field, which
`would norm ally contain the desired nam ed pipe operation,
`ignored;
`is
`the
`\PIPE\LANMAN nam e field is sufficient to identify a rem ote API operation.
`The argum ents for the rem ote API call are encapsulated in the Transaction request SMB; return
`values are encapsulated in the Transaction response SMB. In both the request and the response,
`all binary values are stored in little-endian order, least significant byte first. There are no pad
`bytes other than those explicitly specified in descriptor strings; therefore, item s m ay be located
`at an arbitrary byte boundary - there are no alignm ent restrictions.
`The request and response Transaction SMBs contain a param eter section and a data section. The
`argum ents for a rem ote API call are split into two parts, and placed in these sections of the
`request Transaction. The Transaction response m essage contains the results of the call, split
`between the param eter and data sections of the Transaction response. A num ber of fields in the
`Transaction SMB identify the size and location of these sections within the SMB, and also allow a
`single Transaction request or response to be split into several m essages (refer to X/Open CAE
`Specification, IPC Mechanism s for SMB).
`
`264
`
`Page 282 of 534
`
`X/Open CAE Specification (1992)
`Cisco -- Exhibit 1004
`
`
`
`LAN Manager Remote Administration Protocol
`
`LMX Access Control Lists Mapping
`
`B.3
`
`LMX Access Control Lists Mapping
`Access control lists (ACLs) are used by LMX servers running in user-level security m ode.
`Though the im plem entation of ACLs is outside the scope of the specification the following list is
`a set of possible access perm issions, which is used by LAN Manager im plem entations.
`User-level security allows access perm issions to be set for each shared resource (for exam ple, file
`system subtree, individual file, spooler, device, etc.). Each shared resource has a list of users and
`groups, with the perm issions allowed for each user or group on that resource.
`
`ACL Perm issions
`R
`read
`
`W write
`X
`execute
`C
`create
`
`D delete
`A
`change attributes
`
`P
`
`change perm issions
`
`N deny access
`Y
`allow spool requests
`
`Perm ission to read data from a resource and, by
`default, execute the resource.
`Perm ission to write data to the resource.
`Perm ission to execute the resource.
`Perm ission to create an instance of the resource
`(for exam ple, a file); data can be written to the
`resource when creating it.
`Perm ission to delete the resource.
`Perm ission to m odify the resource’s attributes
`(for exam ple, the date and tim e a file was last
`m odified).
`Perm ission to m odify the perm issions (read,
`write, create, execute and delete) assigned to a
`resource for a user, group or application.
`No perm issions.
`
`Since the X/Open CAE does not provide an access control list (ACL) m echanism, the usual CAE
`access control m echanism s should be used instead. Following the principle of least surprise, a
`m apping is defined for access m echanism s which cannot easily be provided under CAE system s.
`The CAE access control m echanism s are used to perm it interoperability for applications which
`reside on both PCs and on CAE hosts.
`A m apping from (SMB) UID and usernam e/password supplied by the client to CAE User ID
`(uid) and Group ID(s) (gid) is established by the SMBsesssetupX and will be m aintained by the
`LMX server. The m apped-to CAE User ID and one or m ore Group IDs are used for all accesses
`on the CAE system in the usual m anner.
`The differences between the functionality provided by ACLs and the access control m echanism s
`for LMX servers described above include:
`1. ACL perm issions apply to shared resources. This includes file system directories as well as
`individual files. CAE perm issions apply to individual files and directories but are not
`extended to subtrees.
`2. For each resource, ACL perm issions can be listed for any num ber of individual users, for
`any num ber of groups, and for anyone else. A CAE file or directory specifies perm issions
`for the owner, one group and everyone else.
`
`Protocols for X/Open PC Interworking: SMB, Version 2
`
`Page 283 of 534
`
`265
`Cisco -- Exhibit 1004
`
`
`
`LMX Access Control Lists Mapping
`
`LAN Manager Remote Administration Protocol
`
`The following table shows the m apping between the ACL perm issions and CAE perm issions:
`
`SMB Perm issions
`R
`read
`W write
`X
`execute
`C
`create
`D delete
`A
`change attributes
`P
`change perm issions
`N deny access
`Y
`allow spool requests
`
`Equivalent CAE Perm ission
`r
`read
`w write
`read (Note 1)
`r
`w write on parent dir
`w write on parent dir
`not supportable
`(Note 2)
`no perm issions (Note 3)
`not supportable
`
`-
`
`Notes:
`
`1. Execute perm ission for LMX servers requires only read perm ission, as the client
`need only be able to read the file before it can execute it.
`2. Not an assignable access right. The owner of a file and users with appropriate
`privileges always have P access and cannot relinquish it; no other user can
`acquire P access.
`3. Not a specific right, but the absence of rights. Note that the privileged user
`always has all rights and can relinquish none of them.
`ACLs could be partially im plem ented for LMX servers by placing the required checks into the
`LMX server itself. The list would be used to further restrict (but not grant) access to files and
`directories beyond the restrictions im posed by the usual CAE access control m echanism s. A
`client m ay have access to a resource only if it does not conflict with CAE perm issions and if it is
`specified in the ACL. There m ay be cases where the ACL indicates that a user should have
`access, but the CAE security would have to be circum vented to honour it. The access will be
`denied in accordance with the CAE in these cases. This perm its access security to be m aintained
`on both the server and client system equivalently; if a user local on the CAE system is denied
`access, access should be denied for the user on a client system as well.
`X/Open-com pliant system im plem entations which support native ACLs as an enhancem ent
`m ay use that m echanism instead of the norm al CAE access control m echanism s if desired, as
`long as the ACLs do not grant perm ission where the expected CAE access m echanism s would
`have denied it.
`
`266
`
`Page 284 of 534
`
`X/Open CAE Specification (1992)
`Cisco -- Exhibit 1004
`
`
`
`LAN Manager Remote Administration Protocol
`
`Transaction API Request Format
`
`B.4
`
`Transaction API Request Form at
`
`B.4.1
`
`Param eter Section
`The param eter section (smb_param) of the Transaction request contains the following:
`• API num ber: 16-bit integer
`• param eter descriptor string: null-term inated ASCII string
`• data descriptor string: null-term inated ASCII string
`• parm s: subroutine argum ents, as described by the param eter descriptor string
`• auxiliary data descriptor string: optional null-term inated ASCII string
`The API num ber identifies which API routine the SMB redirector wishes the LMX server to call
`on its behalf. A list of API num bers is given in Section B.8 on page 275.
`The param eter descriptor string describes the types of the argum ents in the data section
`(smb_data), as given in the original call to the routine on the SMB redirector.
`The data descriptor string describes the form at of a data structure, or data buffer, which is sent
`to the API routine. The API routine on the SMB redirector is norm ally given a pointer to this
`buffer. Note that this descriptor string is also used by the server to determ ine the form at of the
`data buffer to be sent back from the API call.
`The parm s field contains the actual subroutine argum ents, as described by the param eter
`descriptor string.
`The auxiliary data descriptor string describes the form at of a second, auxiliary data structure
`which is either sent to or received from the API routine, in addition to that defined by the data
`descriptor string. The data described by this descriptor string is located in the data section
`(smb_data) of SMBtrans,
`im m ediately following the data described by the prim ary data
`descriptor.
`
`B.4.2 Data Section
`The data section (smb_data) of the SMBtransrequest contains the following:
`• the prim ary data buffer, as described by the data descriptor string in the param eter section
`• the auxiliary data buffer (optional), as described by the auxiliary data descriptor in the
`param eter section
`
`Protocols for X/Open PC Interworking: SMB, Version 2
`
`Page 285 of 534
`
`267
`Cisco -- Exhibit 1004
`
`
`
`Transaction API Response Format
`
`LAN Manager Remote Administration Protocol
`
`B.5
`
`Transaction API Response Form at
`
`B.5.1
`
`Param eter Section
`The param eter section (smb_param) of the SMBtransresponse contains the following:
`• Status: a 16-bit integer. This is the return status as if the requested LAN Manager API routine
`would be executed on the responder’s system. Zero norm ally indicates success.
`• Converter word: 16-bit integer, used by the requestor’s system to adjust the pointer in the
`data section. The use of this field is described below.
`• Parm s: return param eters, as described by the param eter descriptor string in the request
`m essage. Only those param eters which are identified in the param eter descriptor string as
`being receive pointers (that is, which will be m odified by the server) are actually returned
`here.
`
`B.5.2 Data Section
`The data section (smb_data) of the SMBtransrequest contains:
`• the prim ary returned data buffer, as described by the data descriptor in the request m essage
`• the auxiliary data buffer (optional), as described by the auxiliary data descriptor in the
`request m essage
`
`268
`
`Page 286 of 534
`
`X/Open CAE Specification (1992)
`Cisco -- Exhibit 1004
`
`
`
`LAN Manager Remote Administration Protocol
`
`Descriptor Strings
`
`B.6 Descriptor Strings
`A descriptor string is a null-term inated ASCII string. Descriptor string elem ents consist of a
`the argum ent, possibly followed by a num ber (in ASCII
`letter describing the type of
`representation), specifying the size of the argum ent. Each item in the descriptor string describes
`one data elem ent.
`
`B.6.1 Descriptor String Types
`The following describes the characters which m ay be encountered in a descriptor string, and the
`form at of the corresponding data described by the descriptor string.
`B
`Byte
`If followed by one or m ore digits (that is, B13) this refers to an array of bytes. One or m ore
`bytes will be located in the corresponding data area. Note that this type will not be found in
`the param eter descriptor string (that
`is,
`it will not be used to describe subroutine
`argum ents), since single bytes cannot be pushed onto the stack by the SMB redirector.
`W 16-bit integer
`If followed by one or m ore num bers (that is, W4) this refers to an array of 16-bit integers.
`One or m ore 16-bit integers will be located in the corresponding param eter or data area.
`D 32-bit integer
`If followed by one or m ore num bers (that is, D3) this refers to an array of 32-bit integers.
`One or m ore 32-bit integers will be located in the corresponding param eter or data area.
`z Null-term inated ASCII string
`The corresponding param eter or data area contains a null-term inated ASCII string. This
`type has a different m eaning when applied to returned data. (See below.)
`Byte pointer
`The original argum ent list or data structure contained a pointer to one (that is, b) or m ore
`(that is, b8) bytes at this position. The bytes them selves are located in the corresponding
`param eter or data area. This type has a different m eaning when applied to returned data.
`(See below.)
`w Word pointer
`The original argum ent list or data structure contained a pointer to one (that is, w) or m ore
`(that is, w2) 16-bit integers at this position. The integers them selves are located in the
`corresponding param eter or data area. This type has a different m eaning when applied to
`returned data. (See below.)
`d Dword pointer
`The original argum ent list or data structure contained a pointer to one (that is, d) or m ore
`(that is, d3) 32-bit integers at this position. The integers them selves are located in the
`corresponding param eter or data area. This type has a different m eaning when applied to
`returned data. (See below.)
`Receive byte pointer
`The original argum ent list contained a pointer to one (that is, g) or m ore (that is, g8) bytes at
`this position, which are to receive return values from the API call. The Transaction request
`contains nothing at this position in the corresponding param eter or data area; the response
`m essage contains data.
`
`g
`
`b
`
`Protocols for X/Open PC Interworking: SMB, Version 2
`
`Page 287 of 534
`
`269
`Cisco -- Exhibit 1004
`
`
`
`Descriptor Strings
`
`LAN Manager Remote Administration Protocol
`
`h
`
`i
`
`Receive word pointer
`Contains data in the param eter section. The original argum ent list contained a pointer to
`one (that is, h) or m ore (that is, h2) 16-bit integers at this position, which are to receive
`return values from the API call. The Transaction request contains nothing at this position in
`the corresponding param eter or data area; the response m essage contains data in the
`param eter section.
`Receive dword pointer
`The original argum ent list contained a pointer to one (that is, i) or m ore (that is, i3) 32-bit
`integers at this position, which are to receive return values from the API call. The
`Transaction request contains nothing at this position in the corresponding param eter or data
`area; the response m essage contains data in the param eter section.
`O Null pointer
`The original argum ent list or data structure contained a null pointer at this position. There
`is nothing stored at this position in the corresponding parm s or data area.
`Send data buffer pointer
`The original argum ent list contained a pointer at this position to a data structure containing
`m ore data argum ents to the API call. This item appears only in a param eter descriptor
`string. The form at of the secondary data structure is described in the data descriptor string
`(contained in the param eter section of the Transaction request m essage). The data itself is
`contained in the data section of the Transaction request m essage.
`Length of send buffer
`The original argum ent list contained a 16-bit integer argum ent at this position which
`specified the length of the send buffer. This item appears only in a param eter descriptor
`string. No value is placed in the corresponding param eter area.
`Receive data buffer pointer
`The original argum ent list contained a pointer at this position to a data structure which was
`to be filled in by the API call. This item appears only in a param eter descriptor string. The
`form at of the secondary data structure is described in the data descriptor string (contained
`in the param eter section of the Transaction request m essage). The data itself is contained in
`the data section of the Transaction response m essage.
`Length of receive buffer
`The original argum ent list contained a 16-bit integer argum ent at this position which
`specified the length of the receive buffer. This item appears only in a param eter descriptor
`string. The corresponding param eter area contains a 16-bit integer specifying the length of
`the receive buffer.
`Param eter num ber
`The corresponding param eter or data area contains a 16-bit short integer.
`Entries read
`The original argum ent list contained a pointer to a 16-bit integer at this position, which is to
`receive the num ber of entries returned by the API call in the receive buffer. The Transaction
`request contains nothing at this position in the corresponding param eter or data area; the
`response m essage contains the num bers of entries returned in the receive data buffer.
`
`s
`
`T
`
`r
`
`L
`
`P
`
`e
`
`270
`
`Page 288 of 534
`
`X/Open CAE Specification (1992)
`Cisco -- Exhibit 1004
`
`
`
`LAN Manager Remote Administration Protocol
`
`Descriptor Strings
`
`B.6.2
`
`N Num ber of auxiliary structures
`This field is only found in data descriptor strings. The presence of the field indicates that
`there will be auxiliary data sent (if found in a send data descriptor string), or received (if
`found in a receive data descriptor string). The corresponding data block contains a 16-bit
`integer specifying the num ber of auxiliary data structures to be sent (for a send data buffer),
`or which have been received (for a receive data buffer).
`K Unstructured data block
`This will norm ally be the only item in a descriptor string.
`Fill
`The corresponding data area contains one (that is, F) or m ore (that is, F3) fill bytes at this
`position.
`
`F
`
`Pointer Types and Returned Data
`Lower-case letters are considered pointer types. These pointer types z, b, w and d have a
`different m eaning if they are used to describe returned inform ation. In this case the pointers
`occur in a data descriptor string or auxiliary data descriptor string and describe data to be
`returned in the data section (smb_data) of the SMBtransresponse m essage. In this case the item
`referred to by the pointer is not the array or string itself, but a 32-bit integer. The high-order 16-
`bits are to be ignored and the low-order 16-bits contain an offset. The offset subtracted by the
`converter word points to the array or string within the returned data buffer itself.
`The data desc