`
`Extended 2.0 Protocol SMBtrans2
`
`smb_dscnt
`smb~dsofl’
`smb_dsd1'sp
`smb_fid
`smb_bcc
`smb_data[]
`
`Number of data bytes being sent in this buffer.
`Olfset from the start of an SMB header to the data bytes.
`Byte displacement for these data bytes.
`Value = Oxffff. No FID in this request.
`Total bytes following including pad bytes.
`Data bytes (size = smb_dscnt).
`
`Re sp onse Form at
`
`smb_wct
`
`Value = 10.
`
`smb_tprcnt
`smbjdrcnt
`
`smb_1‘svd
`smb_p1‘rnt
`smb_pro1f
`smb_prd1'sp
`smb_bcc
`
`smb_param[ 1
`
`Value = 2.
`Value = 0. No data bytes.
`Reserved. Must be zero.
`Value = 2. Parameter bytes being returned.
`Offset from the start of an SMB header to the parameter bytes.
`Value = 0. Byte displacement for these param eter bytes.
`Total bytes following including pad bytes.
`lock for the TRANSACT2_MKDlR function response is the
`The param eter b
`urn information in the following form at:
`In kdir—specif1c ret
`Meaning
`Nam e
`Location
`l’f1§*f’E5£’a Bf mfiéi l é{{o£
`smb_param[0—1] nikdirkoflerror Offset into FEA
`setting
`the
`occurred while
`which
`extended attributes.
`
`250
`
`Page 268 of 534
`
`X/Open CAE Specification (1992)
`
`Cisco -— Exhibit 1004
`
`
`
`
`
`A.l
`
`Introduction
`
`which make use of these facilities may not behave exactly as described here.
`It should also be noted that the OS/2 SMB redirector and file system make extensive use of
`
`DOS and OS/2 system calls which are not listed here will not normally result in SMB requests
`
`being transmitted.
`
`Protocols forX/Open PC Interworking: SMB, Version 2
`Page
`Of
`
`251
`Cisco -- Exhibit 1004
`
`
`
`DOS Functions
`
`A2
`
`DOS Functions
`
`Sl\/IE Transmission Analysis
`
`l
`
`Function Number
`0x00
`0x05
`0x0d
`0x0f
`0x10
`0x11
`0x12
`0x13
`0x14
`0x15
`0x16
`0x17
`Oxlb
`Oxlc
`0x21
`0x22
`0x23
`0x27
`0x28
`0x36
`0x39
`Ox3a
`0x3b
`0x3c
`0x3d
`0x3e
`0x3f
`0x40
`0x41
`0x42
`0x43
`0x4b
`Ox4c
`Ox4e
`0x4f
`0x56
`0x57
`0x5a
`0x5b
`Ox5c
`Ox5f
`0x68
`
`DOS Function
`Terminate Program m e
`Print Character
`Reset Disk
`Open File (FCB I/O)
`Close File (FCB I/O)
`Search For First Entry
`Search For Next Entry
`Delete File (FCB I/O)
`l Sequential Read (FCB I/O)
`Sequential Write (FCB I/O)
`Create File (FCB 1/ 0)
`Rename File (FCB I/O)
`Get Default Drive Data
`Get Drive Data
`Random Read (FCB I/O)
`‘ Random Write (FCB 1/ 0)
`Get File Size (FCB I/O)
`' Random Block Read (FCB I/O)
`Random Block Write (FCB I/O)
`Get Disk Free Space
`Create Directory
`. Remove Directory
`Change Current Directory
`Create File Handle
`Open File Handle
`Close File Handle
`Read Via File Handle
`. Write Via File Handle
`Delete Directory Entry
`K Move File Pointer
`Set/Get File Attributes
`Load and Execute Program me/Load Overlay
`End Process
`4 Find First File
`Find Next File
`2 Change Directory Entry
`Set/Get Date/Time of File
`Create Tem porary File Handle
`i Create New File
`E Unlock/Lock File
`Get Assign List Entry
`Flush Buffer
`
`;
`
`:
`
`252
`
`Page 270 of 534
`
`X/Open CAE Specification (1992)
`Cisco —— Exhibit 1004
`
`
`
`SIWB Ilansmission Analysis
`
`DOS Functions
`
`Change Current Dire ctory
`
`Function number
`
`0x3b.
`
`SMB sent
`
`Reason
`
`SMBchkpth.
`
`Change directory.
`
`Change Directory Entry
`
`Function number
`
`0x56.
`
`SMB sent
`
`Reason
`
`SMBmV.
`
`Renam e file.
`
`Close File (PCB I/O)
`
`Function number
`
`0x10.
`
`SMB sent
`
`Reason
`
`S]\4BcIose.
`
`Close file (FCB I/O).
`
`Close File Handle
`
`Function number
`
`Ox3e.
`
`SMB sent
`Reason
`
`S]\/IBc1ose, SMBsplr1ose (printer device).
`Close file.
`
`Cre ate D ire ctory
`
`Funrrion number
`
`0x30.
`
`SJVIB sent:
`
`Reason
`
`SMB1nkd1'r.
`
`Make directory.
`
`Create File (FCB I/O)
`
`Function number
`
`OX16.
`
`SMB sent
`
`Reason
`
`SMBcreate.
`
`Create file.
`
`Create File Handle
`
`Function ntunber
`
`0x3C.
`
`SIWB sent
`
`Reason
`
`SI‘/IBcrea te.
`
`Create file.
`
`Protocols for X/Open PC Interworking: SMB, Version 2
`Page
`of
`
`253
`Clsco —— Exhibit 1004
`
`
`
`DOS Functions
`
`SMB Transmission Analysis
`
`Create New File
`
`Function number
`
`0x5b.
`
`SMB sent
`
`Reason
`
`SMBmlmew.
`
`Create file.
`
`De le te Dire ctory Entry
`
`Function number
`
`0x41.
`
`SMB sent
`
`Reason
`
`SA/IBun1ink.
`
`Delete file.
`
`Delete File (FCB I/O)
`
`Function number
`
`0x13.
`
`SMB sent
`
`Reason
`
`End Proce ss
`
`SMBunI.ink.
`
`Delete file (FCB I/O).
`
`Function number
`
`0x4c.
`
`SIVIB sent
`
`Reason
`
`Find First File
`
`SMBeX1't.
`
`Exit program in e.
`
`Function number
`
`0x4e.
`
`SIVIB sent
`
`Reason
`
`Find Next File
`
`SA/D3search.
`
`Find first In atching filenam e.
`
`Function number
`
`0x4f.
`
`SMB sent
`
`Reason
`
`Flush Buffe r
`
`SMBsearch.
`
`Find next matching filenam e.
`
`Function number
`
`0x68.
`
`SMB sent
`
`Reason
`
`SMBflush.
`
`Com m it file.
`
`254
`
`Page 272 of 534
`
`X/Open CAE Specification (1992)
`Cisco —— Exhibit 1004
`
`
`
`SMB Transmission Analysis
`
`DOS Functions
`
`Get Assign List Entry
`
`Function number
`
`Ox5f.
`
`SA/[B sent
`
`Reason
`
`SMBtcon, SMBtdis.
`
`Redirect device, cancel redirection.
`
`Get De fault Drive Data
`
`Function number
`
`Oxlb.
`
`SMB sent
`
`Reason
`
`Sl\{BdsI(attr.
`
`Get data on the default drive.
`
`Get Disk Free Space
`
`Function number
`
`0x36.
`
`SMB sent
`
`Reason
`
`Get Drive data
`
`3MBds1<attr.
`
`Get free space on disk.
`
`Function number
`
`Oxlc.
`
`SA/IB sent
`
`Reason
`
`Sl\/IBds1<att1:
`
`Get data on a drive.
`
`Get File Size (FCB I/O)
`
`Function nnmher
`
`0x23.
`
`SMB sent
`
`Reason
`
`Sl\/IBsea1‘cb.
`
`File size in records.
`
`Load and Exe cute Program m e /Load Ove rlay
`Function number
`0x4b.
`
`SMB sent
`
`Reason
`
`SMBopen, SMBread, SMBclose.
`
`Load/execute programm e.
`
`Move File Pointe r
`
`Function number
`
`0x42.
`
`SA/H3 sent
`
`Reason
`
`Sl\/Blseek.
`
`Set position in file.
`
`Protocols for X/Open PC Interworking: SMB, Version 2
`Page
`of
`
`255
`Cisco —— Exhibit 1004
`
`
`
`DOS Functions
`
`SMB Transmission Analysis
`
`Open File (FCB I/O)
`Function number
`
`0xOf.
`
`SIVLB sent
`
`Reason
`
`SMBopen (read/write/share set to Oxff).
`
`Open file (FCB I/O).
`
`Open File Handle
`
`Function number
`
`0x3d.
`
`SMB sent
`
`Reason
`
`Print Characte r
`
`S]\/IBopen, SZ\/£BspIopen (printer device).
`
`Open file.
`
`Function number
`
`0x05.
`
`SMB sent
`
`Reason
`
`SMBsp]open, SMBsp1wr, SMBspIcIose.
`
`Printer output.
`
`Random Block Re ad (FCB 10)
`
`Function number
`
`0x27.
`
`SIVIB sent
`
`Reason
`
`S’_\/Bread.
`
`Random block read (FCB I/O).
`
`Random Block Write (FCB IO)
`
`Function number
`
`0x28.
`
`SMB sent
`
`Reason
`
`SA/IBWrite.
`
`Random block write (FCB 1/ 0).
`
`Random Re ad (FCB IO)
`
`Function number
`
`0x21.
`
`SMB sent
`
`Reason
`
`SMBread.
`
`Random read (FCB 1/ 0).
`
`Random Write (FCB I/O)
`
`Function number
`
`0x22.
`
`SR/1B sent
`
`Reason
`
`S.MBw1‘1'te.
`
`Random write.
`
`256
`
`Page 274 of 534
`
`X/Open CAE Specification (1992)
`Cisco -~ Exhibit 1004
`
`
`
`SMB lransmission Analysis
`
`DOS Functions
`
`Re ad Via File Handle
`
`Function number
`
`Ox3f.
`
`SMB sent
`
`Reason
`
`SMBread.
`
`Read file.
`
`Rem ove Dire ctory
`
`Function number
`
`0x3a.
`
`SMB sent
`
`SMBrmd1'r.
`
`Reason
`
`Rem ove directory.
`
`Rename File (FCB I/O)
`
`Function number
`
`0x17.
`
`SMB sent
`
`Reason
`
`Re set Disk
`
`SMBmv.
`
`Renam e file.
`
`Function number
`
`0x0d.
`
`SMB sent
`
`SI\/.lBflush.
`
`Reason
`
`Disk reset (flush file buffers).
`
`Search For First Entry
`
`Function number
`
`0x11.
`
`SMB sent
`
`SMBsearch.
`
`Reason
`
`Search first matching entry.
`
`Search For Next Entry
`
`Function number
`
`0x12.
`
`SA/IB sent
`
`SMBsearch.
`
`Reason
`
`Search next in atching entry.
`
`Sequential Re ad (FCB I/O)
`
`Function number
`
`0x14.
`
`SJVIB sent
`
`F
`
`S1\/[Bread
`
`Reason
`
`Sequential read (PCB I/O).
`
`Protocols for X/Open PC Interworking: SI\/[8, Version 2
`
`Page 275 of534
`
`257
`
`Cisco -- Exhibit 1004
`
`
`
`DOS Functions
`
`SIVIB Transmission Analysis
`
`Se que ntial Write (FCB I/O)
`Function number
`0x15.
`
`SA/LB sent
`
`SMBwr1'te.
`
`Reason
`
`Sequential write (FCB 1/ O).
`
`Setflet Date /Time of File
`
`Function number
`
`0x57.
`
`SMB sent
`
`Reason
`
`SMBsearch, SMBsetatr.
`
`Get/set file date and time.
`
`S e tfle t File Attribute s
`
`Function number
`
`0x43.
`
`SMB sent
`
`Reason
`
`SMBsetat1‘.
`
`Change file attributes.
`
`Te rm inate Program m e
`
`Function number
`
`0x00.
`
`SMB sen t
`
`Reason
`
`SMBeXit.
`
`Program m e terminate.
`
`Unlock/Lock File
`
`Function number
`
`0x5C.
`
`SIVIB sent"
`
`Reason
`
`Sl\/Block, SMBunIock.
`
`Lock/ Unlock file.
`
`Write Via File Handle
`
`Function number
`
`0x40.
`
`SMB sent
`
`Reason
`
`Sl\/IBWrite, SMBsplwr (printer device).
`
`Write file.
`
`258
`
`Page 276 of 534
`
`X/Open CAE Specification (1992)
`CISCO —— Exhibit 1004
`
`
`
`Sl\4B Cllansmission Analysis
`
`052 Functions
`
`A.3
`
`OS /2 Functions
`
`The SMB requests generated from OS/2 redirectors will vary based on the protocol dialect
`negotiated. This variation is highlighted in the sequences below by listing the SMB request that
`will be sent if the extended 1.0 dialect was negotiated first followed by the SMB request for the
`extended 2.0 dialect.
`
`DosBufRe set
`
`SIWB sent
`
`Reason
`
`DosChDir
`
`SMB sent
`
`Reason
`
`DosClose
`
`SMB sent
`
`Reason
`
`DosDele te
`
`SMB sent
`
`Reason
`
`DosDe VIO Ctl
`
`SMB sent
`
`Reason
`
`DosExe cPgm
`
`SMB sent
`
`Sl\/lBflt1sh.
`
`Flush file buffer.
`
`SMBchlrpth.
`
`Change the current working directory.
`
`SA/LBclose, SMBwritec1ose, Sl\4Bwrite.
`
`Close FID.
`
`If the file I/O is buffered, a DosClose will cause the data in the buffers to
`be flushed. This type of situation in ay cause an SMBwr1'teclose or
`SMBwrite to be sent.
`
`SMBunl1'nl<.
`
`Delete a file.
`
`Sl\/IB1'octl, SMB1'octIs.
`
`Pass a device—specific I/O control request to a driver.
`
`SMBopen, SMB1‘ead, Sl\/[Bclose Sl\/lBtrans2(TRANSACT2_ OPEN) may be
`used for the open function instead of SMBopen for the extended 2.0
`dialect.
`
`Reason
`
`Start a programme as a child process.
`
`DosExecPgni makes use of OS/2’s standard file I/O functions.
`
`DosFile Locks
`
`SMB sent
`
`Reason
`
`SMB1ocl< SMBlocl<1'ngX, SMB1orlrread, Sl\/lBun1ock, SlVlBwr.itet1nlocl<,
`
`Set or reset a byte lock range in an open file.
`
`An Sl\4Bwr1'teunlocl< is sent after unlocking bytes which were just written
`out. SMBIockread is used to lock and then read ahead.
`
`Protocols for X/Open PC lnterworking: SlV[B, Version 2
`
`Page 277 of 534
`
`259
`Cisco —— Exhibit 1004
`
`
`
`O32 Functions
`
`SMB Transmission Analysis
`
`DosFindClose
`
`Sl\/B sent
`
`Reason
`
`D0sFindFirst
`
`SMB sent
`
`Reason
`
`DosFindFirst2
`
`Sl\4B sent
`
`Reason
`
`DosFindNe xt
`
`SI\/H3 sent
`
`Reason
`
`S]VIB1ilose and possibly SMBfindnclose.
`
`If change notification was
`Close an active directory search handle.
`involved, the S1\4Bfindnclose will be sent to cancel further notifications.
`
`Sl\/IB1?irst or SMBtrans2(TRANSACT2_F1NDFIRS'I).
`
`Find the first file in a directory m atching the search pattern.
`
`Sl\/IBl’rans2(YY?ANSACT2_FINDFIRSfl). An SIV1BfindClose may follow.
`
`If no
`Find the first file in a directory matching the search pattern.
`additional searchs are desired the SMBfindcIose will be used to allow the
`server to free resources associated with the find.
`
`SMB1'first or SMBtrans2( TRANSACT2_F1NDNEX7) .
`
`Get the next file from the search pattern.
`
`If this function is used on a sufficiently large directory it will eventually
`send an SMBfind request.
`
`DosFindNotifyClose
`SMB Sent
`
`SMBfindncIose.
`
`Reason
`
`DosMkDir
`
`SMB sent
`
`Reason
`
`DosMove
`
`SMB sent
`
`Reason
`
`DosOpen
`
`SMB sent
`
`Reason
`
`To indicate to the LMX server that directory search requests are com plete.
`
`Sl\/IBmkdir SA/1Btrans2("IRANSACT2_l\/IKDIR).
`
`Create a new directory.
`
`SMBm V.
`
`Rename or move a file.
`
`SMBopenX, SMBopen, SMBcreat'e, SMBreadX or
`SMB t1‘ans2( TRANSA C T2_ OPEN) .
`
`Open a device/file for I/O.
`
`D0sOpen may send an Sl\/IBI‘eadX read ahead. DosOpen will send an
`SMBopenX instead of an SMBopen when in protected mode. SMBopen has
`no capabilities for creating a file when opening, so DosOpen may send an
`Sl‘/LBc1‘eate.
`
`260
`
`Page 278 of 534
`
`X/Open CAE Specification (1992)
`Cisco -- Exhibit 1004
`
`
`
`SMB Tliansmission Analysis
`
`O52 Functions
`
`DosQCurDir
`
`SMB sent
`
`Reason
`
`DosQFS Info
`
`SIWB sent
`
`Reason
`
`DosQFile Info
`
`SMB sent
`
`Reason
`
`DosQFi1e Mode
`
`SIVIB sent
`
`Reason
`
`DosRe ad
`
`SM-B sent
`Reason
`
`DosRe adAsync
`
`S]\4B sent
`
`Reason
`
`DosRm Dir
`
`Sl\/1Bchkpth.
`
`Determine the current directory of a logical drive.
`
`S1V.£Bdskattr or 5MBtrans2(T.RANSACT2_ QFSINFO).
`
`Retrieve file system information data.
`
`SMBgctattrE or SMBtrans2(TRANSACTLQFILEINFO).
`
`Retrieve a file information record.
`
`SI\/Bgetatr.
`
`Get a files attribute byte.
`
`SMBread, SMBreadX, S1\4BreadbraW, SMBreadbmpX.
`Read characters from an FID.
`
`SiMBrear}braw is used to send a block of data which is larger than the data
`size which was negotiated.
`
`SMBread, SlVIB1‘eadX, SMBreadbraW, SR/IB1‘eadbmpX.
`
`Read characters from an FID asynchronously.
`Sam e behaviour as DosRead.
`
`SMB sent
`
`S1VIBrmd1'r.
`
`Reason
`
`Delete a subdirectory.
`
`DosSe tFile Info
`
`SMB sent
`
`SMBsetaz‘tz‘E.
`
`Reason
`
`Change a file's directory inform ation.
`
`Protocols for X/Open PC lnterworking: SM3, Version 2
`
`Page
`
`Of
`
`261
`
`Cisco —— Exhibit 1004
`
`
`
`OS/Z Functions
`
`SMB Iransmission Analysis
`
`DosSe tFile Mode
`
`SMB sent
`
`Reason
`
`DosWrite
`
`SMB sent
`
`Reason
`
`DosWriteAsync
`
`SMB sent
`
`Reason
`
`SMBsetatr.
`
`Change a file's attribute.
`
`SA/IBw1*1'te, SA/1Bwr1'teX, SMBwr1'tebraw, SA/Bwritebmpx.
`
`Write characters to an FID.
`
`S1\/lBwritebraw is used to send a block of data which is larger than the data
`size which was negotiated.
`
`Sl\/1Bwr1't'e, SMBwr1‘teX, S1\/IBw1'1’tebraw, SIVfl3wr1'tebInpX.
`
`Write characters to an FID asynchronously.
`
`Same behaviour as D0sWrite.
`
`Z62
`
`Page
`
`Of
`
`X/Open CAE Specification (1992)
`
`Cisco -- Exhibit 1004
`
`
`
`Appendix B
`
`
` LAN Manager Remote Administration Protocol
`
`B.l
`
`Overview
`
`remote
`to implement
`the mechanism used by LAN Manager
`section describes
`This
`administration functions and access control lists. The protocols described here are those which
`are provided by the extended dialects. They are included here so that an im plem entor can build
`an Ll\/IX server which can handle this class of SMB redirector requests. However, their inclusion
`in this specification does not imply any X/Open endorsement of these mechanisms as the basis
`for future X/Open network management functionality.
`
`All administrative functions in the LAN Manager are provided by a set of shared library
`routines, often referred to as LAN Manager API routines. Many of these routines have a
`servername argument which the caller uses to distinguish a local administrative operation (one
`which applies to the LMX server on the local machine) from a remote operation (one which
`applies to the server on another machine).
`
`In the case of a remote operation the SMB redirector packages up its arguments, and sends them
`to the appropriate Ll\/LX server. The LMX server then calls the corresponding LAN Manager API
`routine locally, packages the results, and sends them back to the SMB redirector. The
`mechanism resembles a specialised, private, remote procedure call facility between the SMB
`redirector and the LMX server.
`
`Protocols for X/Open PC Interworking: SMB, Version 2
`
`Page
`
`of
`
`263
`
`Cisco —— Exhibit 1004
`
`
`
`Remote API Protocol
`
`LAN Manager Remote Administration Protocol
`
`B2
`
`Re In ote API Protocol
`
`1. All remote API operations are done using the share name IPC$. The SMB redirector will
`automatically connect to that share if necessary in order to do a remote API call.
`
`2. All remote API operations are done using the Transaction SMB Sl\/lBtrans.
`
`3. The smb_name field of the Transaction SMB is always \PIPE\LANMAl\l. The server uses
`this to identify a remote API request. The SMB resembles a normal named pipe operation,
`which is also done using a Transaction SMB. However, the smb_setup[0] field, which
`would normally contain
`the
`desired named pipe operation,
`is
`ignored;
`the
`\PIPE\LANMAN nam e field is sufficient to identify a remote API operation.
`
`The arguments for the remote API call are encapsulated in the Transaction request SMB; return
`values are encapsulated in the Transaction response SMB. In both the request and the response,
`all binary values are stored in little—endian order, least significant byte first. There are no pad
`bytes other than those explicitly specified in descriptor strings; therefore, items may be located
`at an arbitrary byte boundary - there are no alignment restrictions.
`
`The request and response Transaction SMBs contain a parameter section and a data section. The
`arguments for a remote API call are split into two parts, and placed in these sections of the
`request Transaction. The Transaction response message contains the results of the call, split
`between the parameter and data sections of the Transaction response. A number of fields in the
`Transaction SMB identify the size and location of these sections within the SMB, and also allow a
`single Transaction request or response to be split into several messages (refer to X/ Open CAB
`Specification, IPC Mechanisms for SMB).
`
`264
`
`Page 282 of 534
`
`X/Open CAE Specification (1992)
`CiSCO ~- Exhibit 1004
`
`
`
`LAN Manager Remote Administration Protocol
`
`LMX Access Control Lists Mapping
`
`B.3
`
`LMX Access Control Lists Mapping
`
`Access control lists (ACLs) are used by LMX servers running in user-level security mode.
`Though the implementation of ACLs is outside the scope of the specification the following list is
`a set of possible access permissions, which is used by LAN Manager implementations.
`
`User—level security allows access permissions to be set for each shared resource (for example, file
`system subtree, individual file, spooler, device, etc.). Each shared resource has a list of users and
`groups, with the permissions allowed for each user or group on that resource.
`
`l ACL Permissions
`R
`read
`
`3
`
`I W write
`X
`execute
`C
`create
`
`D
`A
`
`P
`
`N
`Y
`
`‘
`M
`
`delete
`change attributes
`
`change permissions
`
`deny access
`allow spool requests
`
`‘
`
`,
`
`Permission to read data from a resource and, by
`default, execute the resource.
`
`Permission to write data to the resource.
`Permission to execute the resource.
`Permission to create an instance of the resource
`(for example, a file); data can be written to the
`resource when creating it.
`Permission to delete the resource.
`Permission to modify the resources attributes
`(for example, the date and time a file was last
`A
`modified).
`(readf
`Permission to modify the permissions
`write, create, execute and delete) assigned to a
`resource for a user, group or application.
`No permissions.
`
`L
`
`,
`
`Since the X/Open CAB does not provide an access control list (ACL) mechanism, the usual CAE
`access control mechanisms should be used instead. Following the principle of least surprise, a
`mapping is defined for access mechanisms which cannot easily be provided under CAE systems.
`The CAE access control mechanisms are used to permit interoperability for applications which
`reside on both PCs and on CAE hosts.
`
`A mapping from (SMB) UID and username/password supplied by the client to CAE User ID
`(aid) and Group ID(s) (gid) is established by the SMBsesssetupX and will be maintained by the
`LMX server. The mapped-to CAE User JD and one or more Group IDs are used for all accesses
`on the CAB system in the usual manner.
`
`The differences between the functionality provided by ACLS and the access control mechanisms
`for LMX servers described above include:
`
`1. ACL permissions apply to shared resources. This includes file system directories as well as
`individual files. CAE permissions apply to individual files and directories but are not
`extended to subtrees.
`
`2. For each resource, ACL permissions can be listed for any number of individual users, for
`any number of groups, and for anyone else. A CAE file or directory specifies permissions
`for the owner, one group and everyone else.
`
`Protocols for X/Open PC Interworking: Sl\/IB, Version 2
`
`Page
`
`of
`
`255
`
`Cisco —— Exhibit 1004
`
`
`
`Ll\/IX Access Control Lists Mapping
`
`LAN Manager Remote Administration Protocol
`
`The following table shows the mapping between the ACL permissions and CAB perm issions:
`
`1 SMB Permissions
`R
`read
`W write
`
`X
`C
`D
`A
`P
`N
`Y
`
`execute
`create
`delete
`change attributes
`change permissions
`deny access
`allow spool requests
`
`Equivalent CAB Permission
`r
`read
`W write
`
`read (Note 1)
`r
`w write on parent dir
`w write on parent dir
`not supportable
`(Note 2)
`no permissions (Note 3)
`not supportable
`
`-
`
`Z
`
`'
`
`Notes:
`
`1. Execute permission for LMX servers requires only read permission, as the client
`need only be able to read the file before it can execute it.
`
`2. Not an assignable access right. The owner of a file and users with appropriate
`privileges always have P access and cannot relinquish it; no other user can
`acquire P access.
`
`3. Not a specific right, but the absence of rights. Note that the privileged user
`always has all rights and can relinquish none of them.
`
`ACLs could be partially implemented for LMX servers by placing the required checks into the
`LMX server itself. The list would be used to further restrict (but not grant) access to files and
`directories beyond the restrictions imposed by the usual CAB access control mechanisms. A
`client may have access to a resource only if it does not conflict with CAB permissions and if it is
`specified in the ACL. There may be cases where the ACL indicates that a user should have
`access, but the CAB security would have to be circumvented to honour it. The access will be
`denied in accordance with the CAB in these cases. This permits access security to be maintained
`on both the server and client system equivalently; if a user local on the CAB system is denied
`access, access should be denied for the user on a client system as well.
`
`X/Open-compliant system implementations which support native ACLs as an enhancement
`may use that mechanism instead of the normal CAB access control mechanisms if desired, as
`long as the ACLs do not grant permission where the expected CAB access mechanisms would
`have denied it.
`
`266
`
`Page 284 of 534
`
`X/Open CAB Specification (1992)
`Cisco -- Exhibit 1004
`
`
`
`LAN Manager Remote Administration Protocol
`
`Transaction API Request Format
`
`B.4
`
`Transaction API Re que st Form at
`
`B.4.l
`
`Parameter Section
`
`The parameter section (smb_param) of the Transaction request contains the following:
`
`- API number: 16-bit integer
`
`- parameter descriptor string: null—term inated ASCII string
`
`- data descriptor string: null-term inated ASCII string
`
`- parms: subroutine arguments, as described by the parameter descriptor string
`
`o auxiliary data descriptor string: optional null—terminated ASCII string
`
`The API number identifies which API routine the SMB redirector wishes the LMX server to call
`
`on its behalf. A list of API numbers is given in Section B8 on page 275.
`
`The parameter descriptor string describes the types of the arguments in the data section
`(smb_data), as given in the original call to the routine on the SMB redirector.
`
`The data descriptor string describes the form at of a data structure, or data buffer, which is sent
`to the API routine. The API routine on the SMB redirector is normally given a pointer to this
`buffer. Note that this descriptor string is also used by the server to determine the form at of the
`data buffer to be sent back from the API call.
`
`The parms field contains the actual subroutine arguments, as described by the parameter
`descriptor string.
`
`The auxiliary data descriptor string describes the form at of a second, auxiliary data structure
`which is either sent to or received from the API routine, in addition to that defined by the data
`descriptor string. The data described by this descriptor string is located in the data section
`(smb_data) of SMBtrans,
`immediately following the data described by the primary data
`descriptor.
`
`B.4.2 Data Se ction
`
`The data section (smb_data) of the SMBtrans request contains the following:
`
`- the prim ary data buffer, as described by the data descriptor string in the parameter section
`
`-
`
`the auxiliary data buffer (optional), as described by the auxiliary data descriptor in the
`parameter section
`
`Protocols for X/Open PC Interworking: SMB, Version 2
`
`Page
`
`of
`
`257
`
`Cisco —- Exhibit 1004
`
`
`
`Transaction API Response Format
`
`LAN Manager Remote Administration Protocol
`
`B.5
`
`Transaction API Response Form at
`
`B.5.l
`
`Param ete r Se ction
`
`The parameter section (smb_param) of the SMBtrans response contains the following:
`
`- Status: a 16-bit integer. This is the return status as if the requested LAN Manager API routine
`would be executed on the responders system. Zero norm ally indicates success.
`
`- Converter word: 16-bit integer, used by the requestor’s system to adjust the pointer in the
`data section. The use of this field is described below.
`
`- Parms: return parameters, as described by the parameter descriptor string in the request
`message. Only those parameters which are identified in the parameter descriptor string as
`being receive pointers (that is, which will be modified by the server) are actually returned
`here.
`
`B52
`
`Data S e ction
`
`The data section (smb_data) of the SMBtrans request contains:
`
`- the primary returned data buffer, as described by the data descriptor in the request message
`
`- the auxiliary data buffer (optional), as described by the auxiliary data descriptor in the
`request m essage
`
`268
`
`Page 286 of 534
`
`X/Open CAE Specification (1992)
`Cisco —— Exhibit 1004
`
`
`
`LAN Manager Remote Administration Protocol
`
`Descriptor Strings
`
`B.6
`
`De sc riptor S trings
`
`A descriptor string is a null-terminated ASCII string. Descriptor string elements consist of a
`letter describing the type of the argument, possibly followed by a number
`(in ASCII
`representation), specifying the size of the argument. Each item in the descriptor string describes
`one data element.
`
`B.6.l
`
`De sc riptor S tring Type s
`
`The following describes the characters which may be encountered in a descriptor string, and the
`form at of the corresponding data described by the descriptor string.
`B
`
`Byte
`
`If followed by one or more digits (that is, 1313) this refers to an array of bytes. One or more
`bytes will be located in the corresponding data area. Note that this type will not be found in
`the parameter descriptor string (that
`is,
`it will not be used to describe subroutine
`arguments), since single bytes cannot be pushed onto the stack by the SMB redirector.
`
`16-bit integer
`
`If followed by one or more numbers (that is, W4) this refers to an array of 16-bit integers.
`One or more 16-bit integers will be located in the corresponding parameter or data area.
`
`32-bit integer
`
`If followed by one or more numbers (that is, D3) this refers to an array of 32-bit integers.
`One or more 32-bit integers will be located in the corresponding parameter or data area.
`
`N uil—terrn ir1ateu' ASCII string
`
`N
`
`The corresponding parameter or data area contains a null—terminated ASCII string. This
`type has a different meaning when applied to returned data.
`(See below.)
`
`Byte pointer
`
`The original argument list or data structure contained a pointer to one (that is, b) or more
`(that is, b8) bytes at this position. The bytes themselves are located in the corresponding
`parameter or data area. This type has a different meaning when applied to returned data.
`(See below.)
`
`Word pointer
`
`The original argument list or data structure contained a pointer to one (that is, w) or more
`(that is, wZ) 16-bit integers at this position. The integers themselves are located in the
`corresponding parameter or data area. This type has a different meaning when applied to
`returned data.
`(See below.)
`
`Dword pointer
`
`The original argument list or data structure contained a pointer to one (that is, C1) or more
`(that is, d3) 32-bit integers at this position. The integers themselves are located in the
`corresponding parameter or data area. This type has a different meaning when applied to
`returned data.
`(See below.)
`
`Receive byte pointer
`
`The original argument list contained a pointer to one (that is, g) or more (that is, g8) bytes at
`this position, which are to receive return values from the API call. The Transaction request
`contains nothing at this position in the corresponding parameter or data area; the response
`message contains data.
`
`Protocols for X/Open PC Interworking: SMB, Version 2
`
`Page 287 of 534
`
`269
`
`Cisco —— Exhibit 1004
`
`
`
`Descriptor Strings
`
`LAN Manager Remote Administration Protocol
`
`Receive word pointer
`
`Contains data in the parameter section. The original argument list contained a pointer to
`one (that is, h) or more (that is, h2) 16-bit integers at this position, which are to receive
`return values from the API call. The Transaction request contains nothing at this position in
`the corresponding parameter or data area;
`the response message contains data in the
`parameter section.
`
`Receive dword pointer
`
`The original argument list contained a pointer to one (that is, i) or more (that is, i3) 32-bit
`integers at
`this position, which are to receive return values from the API call. The
`Transaction request contains nothing at this position in the corresponding param eter or data
`area; the response message contains data in the parameter section.
`
`Null pointer
`
`The original argument list or data structure contained a null pointer at this position. There
`is nothing stored at this position in the corresponding parms or data area.
`
`Send data buffer pointer
`
`The original argument list contained a pointer at this position to a data structure containing
`more data arguments to the API call. This item appears only in a parameter descriptor
`string. The form at of the secondary data structure is described in the data descriptor string
`(contained in the parameter section of the Transaction request message). The data itself is
`contained in the data section of the Transaction request message.
`
`Length of send buffer
`
`integer argument at this position which
`The original argument list contained a 16-bit
`specified the length of the send buffer. This item appears only in a parameter descriptor
`string. No value is placed in the corresponding parameter area.
`
`Receive data buffer pointer
`
`The original argument list contained a pointer at this position to a data structure which was
`to be filled in by the API call. This item appears only in a parameter descriptor string. The
`form at of the secondary data structure is described in the data descriptor string (contained
`in the parameter section of the Transaction request message). The data itself is contained in
`the data section of the Transaction response message.
`
`Length of receive buffer
`
`this position which
`integer argument at
`The original argument list contained a 16-bit
`specified the length of the receive buffer. This item appears only in a parameter descriptor
`string. The corresponding parameter area contains a 16-bit integer specifying the length of
`the receive buffer.
`
`Param eter num ber
`
`The corresponding parameter or data area contains a 16-bit short integer.
`Entries read
`
`The original argument list contained a pointer to a 16-bit integer at this position, which is to
`receive the number of entries returned by the API call in the receive buffer. The Transaction
`request contains nothing at this position in the corresponding parameter or data area; the
`response message contains the numbers of entries returned in the receive data buffer.
`
`270
`
`Page 288 of 534
`
`X/Open CAE Specification (1992)
`Cisco -— Exhibit 1004
`
`
`
`LAN Manager Remote Administration Protocol
`
`Descriptor Strings
`
`N Number of auxiliary structures
`
`This field is only found in data descriptor strings. The presence of the field indicates that
`there will be auxiliary data sent (if found in a send data descriptor string), or received (if
`found in a receive data descriptor string). The corresponding data block contains a 16-bit
`integer specifying the number of auxiliary data structures to be sent (for a send data buffer),
`or which have been received (for a receive data buffer).
`K Unstructured data block
`
`This will norm ally be the only item in a descriptor string.
`Fill
`
`F
`
`The corresponding data area contains one (that is, F) or more (that is, F3) fill bytes at this
`position.
`
`B.6.2
`
`Pointe r Type s and Re turne d Data
`
`Lower—case letters are considered pointer types. These pointer types 2, b, w and d have a
`different meaning if they are used to describe returned information.
`In this case the pointers
`occur in a data descriptor string or auxiliary data descriptor string and describe data to be
`returned in the data section (smb_data) of the SMBtrans response message.
`In this case the item
`referred to by the pointer is not the array or string itself, but a 32-bit integer. The high—order 16-
`bits are to be ignored and the low—order 16-bits contain an offset. The offset subtracted by the
`converter word points to the array or string within the returned data buffer itself.
`
`The data descriptor describes one instance of the returned data structure. The response buffer
`may contain several of these data structures, each of which is a fixed size. Together, these make
`up the fixed—length portion of the returned data area. The returned data buffer may also contain
`data pointed to by the various pointer types described above. This data may contain strings, and
`is likely to be of variable length. The fixed—length data is always placed at the beginning of the
`returned data buffer; the placement of the variable—length data is up to the server.
`
`The responder must place variable—length data at the end of the data buffer and set the pointers
`accordingly. Since the total length of the data buffer is only known at the end of processing,
`there may be a gap between the fixe