From 71cabadee7b59a1ebac99aacb0121b3e43b89b89 Mon Sep 17 00:00:00 2001
From: erdgeist <>
Date: Sat, 6 Dec 2003 19:59:06 +0000
Subject: LANMAN
---
doc/cifsrap2.txt | 2427 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 2427 insertions(+)
create mode 100755 doc/cifsrap2.txt
diff --git a/doc/cifsrap2.txt b/doc/cifsrap2.txt
new file mode 100755
index 0000000..64a2cd7
--- /dev/null
+++ b/doc/cifsrap2.txt
@@ -0,0 +1,2427 @@
+
+
+
+
+
+
+Network Working Group Paul J. Leach, Microsoft
+INTERNET-DRAFT Dilip C. Naik, Microsoft
+draft-leach-cifs-rap-spec-00.txt
+Category: Informational
+Expires August 26, 1997 February 26, 1997
+
+ CIFS Remote Administration Protocol
+ Preliminary Draft
+
+STATUS OF THIS MEMO
+
+THIS IS A PRELIMINARY DRAFT OF AN INTERNET-DRAFT. IT DOES NOT REPRESENT
+THE CONSENSUS OF THE ANY WORKING GROUP.
+
+This document is an Internet-Draft. Internet-Drafts are working
+documents of the Internet Engineering Task Force (IETF), its areas, and
+its working groups. Note that other groups may also distribute working
+documents as Internet-Drafts.
+
+Internet-Drafts are draft documents valid for a maximum of six months
+and may be updated, replaced, or obsoleted by other documents at any
+time. It is inappropriate to use Internet-Drafts as reference material
+or to cite them other than as "work in progress".
+
+To learn the current status of any Internet-Draft, please check the
+"1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
+Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe),
+munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
+ftp.isi.edu (US West Coast).
+
+Distribution of this document is unlimited. Please send comments to the
+authors or the CIFS mailing list at <cifs@listserv.msn.com>.
+Discussions of the mailing list are archived at
+<URL:http://microsoft.ease.lsoft.com/archives/cifs.html>.
+
+
+ABSTRACT
+
+This specification defines how an RPC like mechanism may be implemented
+using the Common Internet File System (CIFS) Transact SMB. Specific
+examples are provided of how a CIFS client may request a CIFS server to
+execute a function. The examples show complete details of the request
+sent by the CIFS client and the response from the CIFS server.
+
+
+Table of Contents
+
+
+1.OBJECTIVE...........................................................2
+
+2.PREREQUISITES AND SUGGESTED READING.................................2
+
+3.REMOTE ADMINISTRATION PROTOCOL OVERVIEW.............................3
+
+
+
+
+Leach, Naik [Page 1] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+4.REMOTE ADMINISTRATION PROTOCOL......................................3
+
+ 4.1 NOTATION.........................................................4
+ 4.2 DESCRIPTORS......................................................5
+ 4.2.1Request Parameter Descriptors.................................5
+ 4.2.2Response Parameter Descriptors................................5
+ 4.2.3Data Descriptors..............................................6
+ 4.3 TRANSACTION REQUEST PARAMETERS SECTION...........................6
+ 4.4 TRANSACTION REQUEST DATA SECTION.................................7
+ 4.5 TRANSACTION RESPONSE PARAMETERS SECTION..........................7
+ 4.6 TRANSACTION RESPONSE DATA SECTION................................7
+
+5.NETSHAREENUM........................................................8
+
+6.NETSERVERENUM2.....................................................10
+
+7.NETSERVERGETINFO...................................................13
+
+8.NETSHAREGETINFO....................................................15
+
+9.NETWKSTAUSERLOGON..................................................19
+
+10. NETWKSTAUSERLOGOFF...............................................24
+
+11. NETUSERGETINFO...................................................26
+
+12. NETWKSTAGETINFO..................................................30
+
+13. SAMOEMCHANGEPASSWORD.............................................32
+
+14. AUTHOR'S ADDRESSES...............................................34
+
+15. APPENDIX A.......................................................34
+
+ 15.1.1...................................................TRANSACTIONS 36
+
+16. APPENDIX B.......................................................38
+
+ 16.1MARSHALING AND UNMARSHALING USING DESCRIPTOR STRINGS............38
+
+
+
+
+1. Objective
+
+This document details an RPC like mechanism used by CIFS clients to
+submit requests to CIFS servers and obtain the results of the request
+back from the server.
+
+For convenience, some sections from the CIFS specification have been
+reproduced in part within this document. Note that the CIFS
+specification should be considered to be the authoritative reference, in
+case of any doubts, rather than this document.
+
+2. Prerequisites and suggested reading
+
+
+
+
+Leach, Naik [Page 2] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+@ Familiarity with Common Internet File Systems specification (CIFS)
+
+
+3. Remote Administration Protocol overview
+
+The Remote Administration Protocol (RAP) is similar to an RPC protocol,
+in that:
+@ it is an at-most-once synchronous request-response protocol
+@ it is a framework that can be used for remotely requesting many
+ different kinds of services
+@ it is designed to allow (but not require) the programming interface
+ to the protocol to be that of remotely executed procedure calls �
+ which means that one thinks if the protocol in terms of marshaling
+ and unmarshaling procedure call input and output arguments into
+ messages and reliably transporting the messages to and from the
+ client and server
+Each RAP request is characterized by a set of ASCII descriptor strings
+that are sufficient to be used to interpretively drive the marshaling
+and unmarshaling process, if an implementation wanted to use them for
+that purpose. These descriptor strings are included in each request
+packet, and make the requests self-describing.
+
+RAP is layered on the CIFS Transact SMB, which provides reliable message
+delivery, security, and messages larger than the underlying network
+maximum packet size. When used for RAP, the name field in the Transact
+SMB is always set to "\PIPE\LANMAN". The Transact SMB is sent on a
+session/connection that is established to the remote server using a
+SessionSetupAndX SMB, and using a TID obtained by doing a
+TreeConnectAndX SMB to a share named "IPC$".
+
+[Refer to the CIFS specification for complete details on SMBs in
+general, and the Transact SMB in particular. For convenience, relevant
+portions from the CIFS specification have been reproduced here in
+Appendix A. Note that the CIFS specification should be considered the
+authoritative source of information, rather than Appendix A as far as
+details on the Transact SMB are concerned.]
+
+The model of a RAP service is that there are a few parameters as inputs
+and outputs to the service, exactly one of which may be a buffer
+descriptor that indicates the presence of a potentially much larger
+input or output data buffer. An argument may be a scalar, pointer, fixed
+length small array or struct, or a buffer descriptor. The data buffer
+consists of entries followed by a heap. An entry consists of a primary
+data struct and a sequence of 0 or more auxiliary data structs. An
+input buffer must contain exactly one entry; an output buffer may
+contain 0 or more. The heap is where data is stored that is referenced
+by pointers in the entries. The parameters are described by a parameter
+descriptor string; the primary data struct by a data descriptor string;
+and the auxiliary data structs by an auxiliary data descriptor string.
+
+
+4. Remote Administration Protocol
+
+
+
+
+Leach, Naik [Page 3] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+A RAP service request is sent to the server encapsulated in a Transact
+request SMB and the server sends back a Transact SMB response. An
+attribute of the Transact SMB is that it divides the payload of request
+and response messages into two sections: a parameters section and a data
+section. As might be expected from the nomenclature, RAP service
+parameters are sent in the parameters section of a Transact SMB, and the
+data buffer in the data section. Therefore, to define a service
+protocol, it is necessary to define the formats of the parameter and
+data sections of the Transact request and response.
+
+This is done in two stages. First, a C-like declaration notation is used
+to define descriptor strings, and then the descriptor strings define the
+formats of the parameter and data sections.. Note well: even though the
+declarations may look like a programming interface, they are not: they
+are a notation for describing the contents of RAP requests and
+responses; an implementation on any particular system can use any
+programming interface to RAP services that is appropriate to that
+system.
+
+4.1 Notation
+
+Parameter descriptor strings are defined using a C-like function
+declaration; data descriptor and auxiliary data descriptor strings are
+defined using a C-like structure declaration.
+
+Parameter descriptor strings are defined with the following C-like
+function declaration syntax:
+
+ rap-service = "unsigned short" service-name "(" parameters ");"
+ service-name = <upper and lower case alpha and numeric>
+The return type of the function is always "unsigned short", and
+represents the status code from the function. The service-name is for
+documentation purposes.
+
+ parameters = parameter [ ";" parameter ]
+The parameter descriptor string for the service is the concatenation of
+the descriptor characters for the parameters.
+
+ parameter = [ "const" ] param-data-type parameter-name
+ [ "[" size "]" ]
+ param-data-type = <from parameter descriptor tables below>
+ parameter-name = <upper and lower case alpha and numeric>
+ size = <string of ASCII 0-9>
+The descriptor character for a parameter is determined by looking up the
+data-type in the tables below for request or response parameter
+descriptors. The parameter-name is for documentation purposes. If there
+is a size following the parameter-name, then it is placed in the
+descriptor string following the descriptor character.
+
+Data and auxiliary data descriptor strings are defined with the
+following C-like structure declaration syntax:
+
+ rap-struct = "struct" struct-name "{" members "}"
+The descriptor string for the struct is the concatenation of the
+descriptor characters for the members. The struct-name is for
+documentation purposes.
+
+ members = member [ ";" member ]
+ member = member-data-type member-name [ "[" size "]" ]
+
+
+Leach, Naik [Page 4] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+
+ member-data-type = <from data descriptor tables below>
+The descriptor character for a member is determined by looking up the
+data-type in the tables below for data descriptors. The member-name is
+for documentation purposes. If there is a size following the member-
+name, then it is placed in the descriptor string following the
+descriptor character.
+
+4.2 Descriptors
+
+The following section contain tables that specify the descriptor
+character and the notation for each data type for that data type.
+
+4.2.1 Request Parameter Descriptors
+
+
+Descriptor Data Type Format
+========== ========= =====
+W unsigned short indicates parameter type of 16 bit integer
+ (word).
+D unsigned long indicates parameter type of 32 bit integer
+ (dword).
+b BYTE indicates bytes (octets). May be followed
+ by an ASCII number indicating number of
+ bytes..
+O NULL indicates a NULL pointer
+z char indicates a NULL terminated ASCII string
+ present in the parameter area
+F PAD indicates Pad bytes (octets). May be
+ followed by an ASCII number indicating the
+ number of bytes
+r RCVBUF pointer to receive data buffer in response
+ parameter section
+L RCVBUFLEN 16 bit integer containing length of
+ receive data buffer in (16 bit) words
+s SNDBUF pointer to send data buffer in request
+ parameter section
+T SNDBUFLEN 16 bit integer containing length of send
+ data buffer in words
+
+
+4.2.2 Response Parameter Descriptors
+
+
+Descriptor Data Type Format
+========== ========= =====
+g BYTE * indicates a byte is to be received. May
+ be followed by an ASCII number indicating
+ number of bytes to receive
+h unsigned short * indicates a word is to be received
+i unsigned long * indicates a dword is to be received
+e ENTCOUNT indicates a word is to be received which
+ indicates the number of entries returned
+
+
+
+
+Leach, Naik [Page 5] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+4.2.3 Data Descriptors
+
+
+Descriptor Data Type Format
+========== ========= =====
+W unsigned short indicates data type of 16 bit integer
+ (word). Descriptor char may be followed by
+ an ASCII number indicating the number of
+ 16 bit words present
+D unsigned long indicates data type of 32 bit integer
+ (dword). Descriptor char may be followed
+ by an ASCII number indicating the number
+ of 32 bit words present
+B BYTE indicates item of data type 8 bit byte
+ (octet). The indicated number of bytes are
+ present in the data. Descriptor char may
+ be followed by an ASCII number indicating
+ the number of 8 bit bytes present
+O NULL indicates a NULL pointer
+z char * indicates a 32 bit pointer to a NULL
+ terminated ASCII string is present in the
+ response parameter area. The actual string
+ is in the response data area and the
+ pointer in the parameter area points to
+ the string in the data area. The high word
+ of the pointer should be ignored. The
+ converter word present in the response
+ parameter section should be subtracted
+ from the low 16 bit value to obtain an
+ offset into the data area indicating where
+ the data area resides.
+N AUXCOUNT indicates number of auxiliary data
+ structures. The transaction response data
+ section contains an unsigned 16 bit number
+ corresponding to this data item.
+
+
+4.3 Transaction Request Parameters section
+
+The parameters and data being sent and received are described by ASCII
+descriptor strings. These descriptor strings are described in section
+4.2.
+
+The parameters section of the Transact SMB request contains the
+following (in the order described)
+@ The function number: an unsigned short 16 bit integer identifying the
+ function being remoted
+@ The parameter descriptor string: a null terminated ASCII string
+@ The data descriptor string: a null terminated ASCII string.
+@ The request parameters, as described by the parameter descriptor
+ string, in the order that the request parameter descriptor characters
+ appear in the parameter descriptor string
+@ An optional auxiliary data descriptor string: a null terminated ASCII
+ string. It will be present if there is an auxiliary data structure
+
+
+Leach, Naik [Page 6] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+ count in the primary data struct (an "N" descriptor in the data
+ descriptor string).
+
+RAP requires that the length of the return parameters be less than or
+equal to the length of the parameters being sent; this requirement is
+made to simply buffer management in implementations. This is reasonable
+as the functions were designed to return data in the data section and
+use the return parameters for items like data length, handles, etc. If
+need be, this restriction can be circumvented by filling in some pad
+bytes into the parameters being sent.
+
+4.4 Transaction Request Data section
+
+The Data section for the transaction request is present if the parameter
+description string contains an "s" (SENDBUF) descriptor. If present, it
+contains:
+@ A primary data struct, as described by the data descriptor string
+@ Zero or more instances of the auxiliary data struct, as described by
+ the auxiliary data descriptor string. The number of instances is
+ determined by the value of the an auxiliary data structure count
+ member of the primary data struct, indicated by the "N" (AUXCOUNT)
+ descriptor. The auxiliary data is present only if the auxiliary data
+ descriptor string is non null.
+@ Possibly some pad bytes
+@ The heap: the data referenced by pointers in the primary and
+ auxiliary data structs.
+
+4.5 Transaction Response Parameters section
+
+The response sent by the server contains a parameter section which
+consists of:
+@ A 16 bit integer indicating the status or return code. The possible
+ values for different functions are different.
+@ A 16 bit converter word, used adjust pointers to information in the
+ response data section. Pointers returned within the response buffer
+ are 32 bit pointers. The high order 16 bit word should be ignored.
+ The converter word needs to be subtracted from the low order 16 bit
+ word to arrive at an offset into the response buffer.
+@ The response parameters, as described by the parameter descriptor
+ string, in the order that the response parameter descriptor
+ characters appear in the parameter descriptor string.
+
+4.6 Transaction Response Data section
+
+The Data section for the transaction response is present if the
+parameter description string contains an "r" (RCVBUF) descriptor. If
+present, it contains:
+@ Zero or more entries. The number of entries is determined by the
+ value of the entry count parameter, indicated by the "e"(ENTCOUNT)
+ descriptor. Each entry contains:
+ @ A primary data struct, as described by the data descriptor
+ string
+ @ Zero or more instances of the auxiliary data struct, as
+ described by the auxiliary data descriptor string. The number
+
+
+Leach, Naik [Page 7] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+ of instances is determined by the value of the AUXCOUNT
+ member of the primary data struct (whose descriptor is "N").
+ The auxiliary data is present only if the auxiliary data
+ descriptor string is non null.
+@ Possibly some pad bytes
+@ The heap: the data referenced by pointers in the primary and
+ auxiliary data structs.
+
+5. NetShareEnum
+
+The NetShareEnum RAP function retrieves information about each shared
+resource on a CIFS server. The definition is:
+
+ unsigned short NetShareEnum(
+ unsigned short sLevel;
+ RCVBUF pbBuffer;
+ RCVBUFLEN cbBuffer;
+ ENTCOUNT pcEntriesRead;
+ unsigned short *pcTotalAvail;
+ );
+
+ where:
+
+ sLevel specifies the level of detail returned and must have the
+ value of 1.
+
+ pbBuffer points to the buffer to receive the returned data. If the
+ function is successful, the buffer contains a sequence of
+ SHARE_INFO_1 structures (defined later).
+
+ cbBuffer specifies the size, in bytes, of the buffer pointed to by
+ the pbBuffer parameter.
+
+ pcEntriesRead points to a 16 bit variable that receives a count of
+ the number of shared resources enumerated in the buffer. This
+ count is valid only if NetShareEnum returns the NERR_Success or
+ ERROR_MORE_DATA values.
+
+ pcTotalAvail points to a 16-bit variable that receives a count of
+ the total number of shared resources. This count is valid only if
+ NetShareEnum returns the NERR_Success or ERROR_MORE_DATA values.
+
+Transaction Request Parameters section
+
+The Transaction request parameters section in this instance contains:
+
+@ The 16 bit function number for NetShareEnum which is 0.
+@ The parameter descriptor string which is "WrLeh".
+@ The data descriptor string for the (returned) data which is "B13BWz"
+@ The actual parameters as described by the parameter descriptor
+ string.
+
+The parameters are:
+@ A 16 bit integer with a value of 1 (corresponding to the "W" in the
+ parameter descriptor string. This represents the level of detail the
+ server is expected to return
+
+
+Leach, Naik [Page 8] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+@ A 16 bit integer that contains the size of the receive buffer.
+
+
+Transaction Request Data section
+
+There is no data or auxiliary data to send as part of the request.
+
+
+Transaction Response Parameters section
+
+The transaction response parameters section consists of:
+@ A 16 bit word indicating the return status. The possible values are:
+
+Code Value Description
+NERR_Success 0 No errors encountered
+ERROR_ACCESS_DENIED 5 User has insufficient privilege
+ERROR_NETWORK_ACCESS_DENIED 65 Network access is denied
+ERROR_MORE_DATA 234 Additional data is available
+NERR_ServerNotStarted 2114 The server service on the remote
+ computer is not running
+NERR_BadTransactConfig 2141 The server is not configured for
+ transactions, IPC$ is not shared
+
+@ A 16 bit "converter" word.
+@ A 16 bit number representing the number of entries returned.
+@ A 16 bit number representing the total number of available entries.
+ If the supplied buffer is large enough, this will equal the number of
+ entries returned.
+
+Transaction Response Data section
+
+The return data section consists of a number of SHARE_INFO_1 structures.
+The number of such structures present is determined by the third entry
+(described above) in the return parameters section.
+
+
+The SHARE_INFO_1 structure is defined as:
+
+ struct SHARE_INFO_1 {
+ char shi1_netname[13]
+ char shi1_pad;
+ unsigned short shi1_type
+ char *shi1_remark;
+ }
+
+where:
+
+ shi1_netname contains a null terminated ASCII string that
+ specifies the share name of the resource.
+
+ shi1_pad aligns the next data strructure element to a word
+ boundary.
+
+ shi1_type contains an integer that specifies the type of the
+ shared resource. The possible values are:
+
+
+
+Leach, Naik [Page 9] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+
+
+Name Value Description
+STYPE_DISKTREE 0 Disk Directory Tree
+STYPE_PRINTQ 1 Printer Queue
+STYPE_DEVICE 2 Communications device
+STYPE_IPC 3 Inter process communication (IPC)
+
+ shi1_remark points to a null terminated ASCII string that contains
+ a comment abthe shared resource. The value for shi1_remark is null
+ for ADMIN$ and IPC$ share names. The shi1_remark pointer is a 32
+ bit pointer. The higher 16 bits need to be ignored. The converter
+ word returned in the parameters section needs to be subtracted
+ from the lower 16 bits to calculate an offset into the return
+ buffer where this ASCII string resides.
+
+ In case there are multiple SHARE_INFO_1 data structures to return,
+ the server may put all these fixed length structures in the return
+ buffer, leave some space and then put all the variable length data
+ (the actual value of the shi1_remark strings) at the end of the
+ buffer.
+
+There is no auxiliary data to receive.
+
+
+6. NetServerEnum2
+
+The NetServerEnum2 RAP service lists all computers of the specified
+type or types that are visible in the specified domains. It may also
+enumerate domains. The definition is:
+
+unsigned short NetServerEnum2 (
+ unsigned short sLevel,
+ RCVBUF pbBuffer,
+ RCVBUFLEN cbBuffer,
+ ENTCOUNT pcEntriesRead,
+ unsigned short *pcTotalAvail,
+ unsigned long fServerType,
+ char *pszDomain,
+ );
+
+ where :
+
+ sLevel specifies the level of detail (0 or 1) requested.
+
+ pbBuffer points to the buffer to receive the returned data. If the
+ function is successful, the buffer contains a sequence of
+ server_info_x structures, where x is 0 or 1, depending on the
+ level of detail requested.
+
+ cbBuffer specifies the size, in bytes, of the buffer pointed to by
+ the pbBuffer parameter.
+
+ pcEntriesRead points to a 16 bit variable that receives a count of
+ the number of servers enumerated in the buffer. This count is
+
+
+
+Leach, Naik [Page 10] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+ valid only if NetServerEnum2 returns the NERR_Success or
+ ERROR_MORE_DATA values.
+
+ pcTotal Avail points to a 16 bit variable that receives a count of
+ the total number of available entries. This count is valid only if
+ NetServerEnum2 returns the NERR_Success or ERROR_MORE_DATA values.
+
+ fServerType specifies the type or types of computers to enumerate.
+ Computers that match at least one of the specified types are
+ returned in the buffer. Possible values are defined in the request
+ parameters section.
+
+ pszDomain points to a null-terminated string that contains the
+ name of the workgroup in which to enumerate computers of the
+ specified type or types. If the pszDomain parameter is a null
+ string or a null pointer, servers are enumerated for the current
+ domain of the computer.
+
+Transaction Request Parameters section
+
+The Transaction request parameters section in this instance contains:
+
+@ The 16 bit function number for NetServerEnum2 which is 104.
+@ The parameter descriptor string which is "WrLehDz".
+@ The data descriptor string for the (returned) data which is "B16" for
+ level detail 0 or "B16BBDz" for level detail 1.
+@ The actual parameters as described by the parameter descriptor
+ string.
+
+The parameters are:
+@ A 16 bit integer with a value of 0 or 1 (corresponding to the "W" in
+ the parameter descriptor string. This represents the level of detail
+ the server is expected to return
+@ A 16 bit integer that contains the size of the receive buffer.
+@ A 32 bit integer that represents the type of servers the function
+ should enumerate. The possible values may be any of the following or
+ a combination of the following:
+
+
+SV_TYPE_WORKSTATION 0x00000001 All workstations
+SV_TYPE_SERVER 0x00000002 All servers
+SV_TYPE_SQLSERVER 0x00000004 Any server running with SQL
+ server
+SV_TYPE_DOMAIN_CTRL 0x00000008 Primary domain controller
+SV_TYPE_DOMAIN_BAKCTRL 0x00000010 Backup domain controller
+SV_TYPE_TIME_SOURCE 0x00000020 Server running the timesource
+ service
+SV_TYPE_AFP 0x00000040 Apple File Protocol servers
+SV_TYPE_NOVELL 0x00000080 Novell servers
+SV_TYPE_DOMAIN_MEMBER 0x00000100 Domain Member
+SV_TYPE_PRINTQ_SERVER 0x00000200 Server sharing print queue
+SV_TYPE_DIALIN_SERVER 0x00000400 Server running dialin service.
+SV_TYPE_XENIX_SERVER 0x00000800 Xenix server
+SV_TYPE_NT 0x00001000 NT server
+SV_TYPE_WFW 0x00002000 Server running Windows for
+
+
+
+Leach, Naik [Page 11] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+ Workgroups
+SV_TYPE_SERVER_NT 0x00008000 Windows NT non DC server
+SV_TYPE_POTENTIAL_BROWSER 0x00010000 Server that can run the browser
+ service
+SV_TYPE_BACKUP_BROWSER 0x00020000 Backup browser server
+SV_TYPE_MASTER_BROWSER 0x00040000 Master browser server
+SV_TYPE_DOMAIN_MASTER 0x00080000 Domain Master Browser server
+SV_TYPE_LOCAL_LIST_ONLY 0x40000000 Enumerate only entries marked
+ "local"
+SV_TYPE_DOMAIN_ENUM 0x80000000 Enumerate Domains. The pszServer
+ and pszDomain parameters must be
+ NULL.
+
+@ A null terminated ASCII string representing the pszDomain parameter
+ described above
+
+Transaction Request Data section
+
+There is no data or auxiliary data to send as part of the request.
+
+Transaction Response Parameters section
+
+The transaction response parameters section consists of:
+@ A 16 bit word indicating the return status. The possible values are:
+
+Code Value Description
+NERR_Success 0 No errors encountered
+ERROR_MORE_DATA 234 Additional data is available
+NERR_ServerNotStarted 2114 The RAP service on the remote
+ computer is not running
+NERR_BadTransactConfig 2141 The server is not configured for
+ transactions, IPC$ is not shared
+
+@ A 16 bit "converter" word.
+@ A 16 bit number representing the number of entries returned.
+@ A 16 bit number representing the total number of available entries.
+ If the supplied buffer is large enough, this will equal the number of
+ entries returned.
+
+Transaction Response Data section
+
+The return data section consists of a number of SHARE_INFO_1 structures.
+The number of such structures present is determined by the third entry
+(described above) in the return parameters section.
+
+At level detail 0, the Transaction response data section contains a
+number of SERVER_INFO_0 data structure. The number of such structures is
+equal to the 16 bit number returned by the server in the third parameter
+in the Transaction response parameter section. The SERVER_INFO_0 data
+structure is defined as:
+
+
+ struct SERVER_INFO_0 {
+ char sv0_name[16];
+ };
+
+
+Leach, Naik [Page 12] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+
+ where:
+
+ sv0_name is a null-terminated string that specifies the name of a
+ computer or domain .
+
+At level detail 1, the Transaction response data section contains a
+number of SERVER_INFO_1 data structure. The number of such structures is
+equal to the 16 bit number returned by the server in the third parameter
+in the Transaction response parameter section. The SERVER_INFO_1 data
+structure is defined as:
+
+
+ struct SERVER_INFO_1 {
+ char sv1_name[16];
+ char sv1_version_major;
+ char sv1_version_minor;
+ unsigned long sv1_type;
+ char *sv1_comment_or_master_browser;
+ };
+
+ sv1_name contains a null-terminated string that specifies the name
+ of a computer.
+
+ sv1_version_major specifies the major release version number of
+ the networking software the server is running. This is entirely
+ informational and something the caller of the NetServerEnum2
+ function gets to see.
+
+ sv1_version_minor specifies the minor release version number of
+ the networking software the server is running. This is entirely
+ informational and something the caller of the NetServerEnum2
+ function gets to see.
+
+ sv1_type specifies the type of software the computer is running.
+ The member can be one or a combination of the values defined above
+ in the Transaction request parameters section for fServerType.
+
+ sv1_comment_or_master_browser points to a null-terminated string. If
+ the sv1_type indicates that the entry is for a domain, this
+ specifies the name of the domain master browser; otherwise, it
+ specifies a comment describing the server. The comment can be a null
+ string or the pointer may be a null pointer.
+
+ In case there are multiple SERVER_INFO_1 data structures to
+ return, the server may put all these fixed length structures in
+ the return buffer, leave some space and then put all the variable
+ length data (the actual value of the sv1_comment strings) at the
+ end of the buffer.
+
+There is no auxiliary data to receive.
+
+7. NetServerGetInfo
+
+
+
+
+
+Leach, Naik [Page 13] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+The NetServerGetInfo function returns information about the specified
+server. The definition is:
+
+ unsigned short NetServerGetInfo(
+ unsigned short sLevel;
+ RCVBUF pbBuffer;
+
+ RCVBUFLEN cbBuffer;
+ unsigned short *pcbTotalAvail;
+ );
+
+ where:
+
+ sLevel specifies the level of detail returned. (Legal values are
+ 0 and 1)
+
+ pbBuffer points to the buffer to receive the returned data.
+
+ cbBuffer specifies the size, in bytes, of the buffer pointed to by
+ the pbBuffer parameter.
+
+ pcbTotalAvail points to a 16 bit variable that receives a count of
+ the total number of bytes of information available. This count is
+ valid only if NetServerGetInfo returns the
+ NERR_Success or ERROR_MORE_DATA values.
+
+ The return value is one of the following:
+
+Transaction Request Parameters section
+
+The Transaction request parameters section in this instance contains:
+
+@ The 16 bit function number for NetServerGetInfo which is 13.
+@ The parameter descriptor string which is "WrLh"
+@ The data descriptor string for the (returned) data which is "B16" for
+ level detail 0 or "B16BBDz" for level detail 1.
+@ The actual parameters as described by the parameter descriptor
+ string.
+
+The parameters are:
+@ A 16 bit integer with a value of 0 or 1 (corresponding to the "W" in
+ the parameter descriptor string. This represents the level of detail
+ the server is expected to return
+@ A 16 bit integer that contains the size of the receive buffer.
+
+Transaction Request Data section
+
+There is no data or auxiliary data to send as part of the request.
+
+Transaction Response Parameters section
+
+The transaction response parameters section consists of:
+@ A 16 bit word indicating the return status. The possible values are:
+Code Value Description
+NERR_Success 0 No errors encountered
+
+
+
+Leach, Naik [Page 14] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+ERROR_MORE_DATA 234 Additional data is available
+NERR_ServerNotStarted 2114 The RAP service on the remote
+ computer is not running
+NERR_BadTransactConfig 2141 The server is not configured for
+ transactions, IPC$ is not shared
+
+@ A 16 bit "converter" word.
+@ A 16 bit number representing the total number of available bytes.
+ This has meaning only if the return status is NERR_Success or
+ ERROR_MORE_DATA. In case of success, this will indicate the number of
+ useful bytes available. In case of failure, this indicates the
+ required size of the receive buffer.
+
+Transaction Response Data section
+
+At level detail 0, the Transaction response data section contains a
+SERVER_INFO_0 data structure. The SERVER_INFO_0 data structure is
+defined in section 7.4
+
+At level detail 1, the Transaction response data section contains a
+SERVER_INFO_1 data structure. The SERVER_INFO_1 data structure is
+defined in section 7.4
+
+There is no auxiliary data to receive.
+
+8. NetShareGetInfo
+
+ The NetShareGetInfo function retrieves information about a particular
+ shared resource on a CIFS server. The definition is:
+
+ unsigned short NetShareGetInfo(
+ char *pszNetName;
+ unsigned short sLevel;
+ RCVBUF pbBuffer;
+ RCVBUFLEN cbBuffer;
+ unsigned short *pcbTotalAvail;
+ );
+
+ where:
+
+ pszNetName points to an ASCII null-terminated string specifying
+ the name of the shared resource for which information should be
+ retrieved.
+
+ sLevel specifies the level of detail returned. (Legal values are
+ 0, 1 and 2)
+
+ pbBuffer points to the buffer to receive the returned data.
+
+ cbBuffer specifies the size, in bytes, of the buffer pointed to by
+ the pbBuffer parameter.
+
+ pcbTotalAvail points to a 16 bit variable that receives a count of
+ the total number of bytes of information available. This count is
+
+
+
+
+Leach, Naik [Page 15] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+ valid only if NetShareGetInfo returns the NERR_Success or
+ ERROR_MORE_DATA values.
+
+Transaction Request Parameters section
+
+The Transaction request parameters section in this instance contains:
+
+@ The 16 bit function number for NetServerGetInfo which is 1.
+@ The parameter descriptor string which is "zWrLh"
+@ The data descriptor string for the (returned) data which is "B13" for
+ level detail 0 or "B13BWz" for level detail 1 or "B13BWzWWWzB9B"
+ for level detail 2.
+@ The actual parameters as described by the parameter descriptor
+ string.
+
+The parameters are:
+@ A null terminated ASCII string indicating the share for which
+ information should be retrieved.
+@ A 16 bit integer with a value of 0, 1 or 2 (corresponding to the "W"
+ in the parameter descriptor string. This represents the level of
+ detail the server is expected to return
+@ A 16 bit integer that contains the size of the receive buffer.
+
+Transaction Request Data section
+
+There is no data or auxiliary data to send as part of the request.
+
+Transaction Response Parameters section
+
+The transaction response parameters section consists of:
+@ A 16 bit word indicating the return status. The possible values are:
+Code Value Description
+NERR_Success 0 No errors encountered
+ERROR_MORE_DATA 234 Additional data is available
+NERR_ServerNotStarted 2114 The RAP service on the remote
+ computer is not running
+NERR_BadTransactConfig 2141 The server is not configured for
+ transactions, IPC$ is not shared
+
+@ A 16 bit "converter" word.
+@ A 16 bit number representing the total number of available bytes.
+ This has meaning only if the return status is NERR_Success or
+ ERROR_MORE_DATA. Upon success, this number indicates the number of
+ useful bytes available. Upon failure, this indicates how big the
+ receive buffer needs to be.
+
+Transaction Response Data section
+
+At level detail 0, the Transaction response data section contains a
+SHARE_INFO_0 data structure, which is defined as:
+
+
+ struct SHARE_INFO_0 {
+ char shi1_netname[13]
+ }
+
+
+
+Leach, Naik [Page 16] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+
+
+where:
+
+ shi0_netname contains an ASCIIZ string that specifies the share
+ name of the resource.
+
+At level detail 1, the Transaction response data section contains a
+SHARE_INFO_1 data structure, which is defined as:
+
+
+ struct SHARE_INFO_1 {
+ char shi1_netname[13]
+ char shi1_pad;
+ unsigned short shi1_type
+ char *shi1_remark;
+ }
+
+
+where
+
+ shi1_netname contains an ASCIIZ string that specifies the share
+ name of the resource.
+
+ shi1_pad aligns the next data structure element to a word
+ boundary.
+
+ shi1_type contains an integer that specifies the type of the
+ shared resource. The possible values are:
+
+Name Value Description
+STYPE_DISKTREE 0 Disk Directory Tree
+STYPE_PRINTQ 1 Printer Queue
+STYPE_DEVICE 2 Communications device
+STYPE_IPC 3 Inter process communication (IPC)
+
+
+ shi1_remark points to a null-terminated string that specifies a
+ comment describing the share. The comment can be a null string or
+ the pointer may be a null pointer.
+ The shi1_remark pointer is a 32 bit pointer. The higher 16 bits
+ must be ignored. The converter word returned in the parameters
+ section needs to be subtracted from the lower 16 bits to calculate
+ an offset into the return buffer where this ASCII string resides.
+
+At level detail 2, the Transaction response data section contains a
+SHARE_INFO_2 data structure, which is defined as:
+
+
+ struct SHARE_INFO_2 {
+ char shi2_netname[13]
+ char shi2_pad;
+ unsigned short shi2_type
+ char * shi2_remark;
+ unsigned short shi2_permissions;
+ unsigned short shi2_max_uses;
+ unsigned short shi2_current_uses;
+ unsigned short shi2_path;
+ unsigned short shi2_passwd[9]
+
+
+
+Leach, Naik [Page 17] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+
+ unsigned short shi2_pad2;
+ }
+
+where
+
+ shi2_netname contains a null terminated ASCII string that
+ specifies the share name of the resource.
+
+ shi2_pad aligns the next data strructure element to a word
+ boundary.
+
+ shi2_type contains an integer that specifies the type of the
+ shared resource. The possible values are:
+
+
+Name Value Description
+STYPE_DISKTREE 0 Disk Directory Tree
+STYPE_PRINTQ 1 Printer Queue
+STYPE_DEVICE 2 Communications device
+STYPE_IPC 3 Inter process
+ communication (IPC)
+
+
+ shi2_remark is a pointer to a null terminated ASCII string
+ specifying a comment for the share
+
+ shi2_permissions specifies the permissions on the shared resource
+ if the CIFS server is operating with share level security. The
+ values are this element can take are defined as a series of bit
+ masks that may be OR�ed with each other. The bit mask values are:
+
+
+Name Bit Mask Value Description
+ACCESS_READ 0x01 Permission to read & execute from resource
+ACCESS_WRITE 0x02 Permission to write data to resource
+ACCESS_CREATE 0x04 Permission to create an instance of the
+ resource
+ACCESS_EXEC 0x08 Permission to execute from resource
+ACCESS_DELETE 0x10 Permission to delete the resource
+ACCESS_ATRIB 0x20 Permission to modify the resource
+ attributes such as date & time of last
+ modification, etc
+ACCESS_PERM 0x40 Permission to change permissions on the
+ resource
+ACCESS_ALL 0x7F All of the above permissions
+
+ shi2_max_uses specifies the maximum number of current uses the
+ shared resource can accommodate. A Value of -1 indicates there is
+ no limit.
+
+ shi2_current_uses specifies the current number of connections to
+ the resource
+
+ shi2_path point to an ASCIIZ string that contains the local (on
+ the remote CIFS server) path name of the shared resource.
+
+
+
+
+Leach, Naik [Page 18] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+ @ For printer resources, shi2_path specifies the name of the
+ printer queue being shared
+ @ For disk devices, shi2_path specifies the path being shared
+ @ For communication device queues, shi2_path specifies the name of
+ the of the communication device
+ @ For ADMIN$ or IPC$ resources, shi2_path must be a null pointer
+
+ shi2_passwd specifies the password for the resource in case the
+ CIFS server is running with share level security. For CIFS servers
+ running with user level security, this field is set to null and is
+ ignored.
+
+ shi2_pad2 is just a pad byte
+
+ All of the pointers to an ASCII string in this data structure
+ (shi2_remark and shi2_path) need to be treated specially. The
+ pointer is a 32 bit pointer. The higher 16 bits need to be
+ ignored. The converter word returned in the parameters section
+ needs to be subtracted from the lower 16 bits to calculate an
+ offset into the return buffer where this ASCII string resides.
+
+
+There is no auxiliary data in the response.
+
+9. NetwkstaUserLogon
+
+This is a function executed on a remote CIFS server to log on a user.
+The purpose is to perform checks such as whether the specified user is
+permitted to logon from the specified computer, whether the specified
+user is permitted to log on at the given moment, etc. as well as perform
+housekeeping and statistics updates.
+
+There is a password field in the parameters for this function. However,
+this field is always set to null before the function is sent on the
+wire, in order to preserve security. The remote CIFS server ignores this
+meaningless password that is sent. The remote CIFS server ensures
+security by checking that the user name and computer name that are in
+the request parameters are the same used to establish the session and
+connection to the IPC$ share on the remote CIFS server.
+
+The definition is:
+
+ unsigned short NetWkstaUserLogon(
+ char *reserved1;
+ char *reserved2;
+ unsigned short sLevel;
+ BYTE bReqBuffer[54];
+ unsigned short cbReqBuffer;
+ RCVBUF pbBuffer;
+ RCVBUFLEN cbBuffer;
+ unsigned short *pcbTotalAvail;
+ );
+
+ where:
+
+
+
+
+Leach, Naik [Page 19] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+ reserved1 and reserved2 are reserved fields and must be null.
+
+ sLevel specifies the level of detail returned. The only legal
+ value is 1.
+
+ pbReqBuffer points to the request buffer. This buffer contains
+ parameters that need to be sent to the server. The actual value
+ and structure is defined in the Transaction Request Parameters
+ section.
+
+ cbReqBuffer specifies the size, in bytes, of the buffer pointed to
+ by the pbReqBuffer parameter. The value must be decimal 54.
+
+ pbBuffer points to the buffer to receive the returned data.
+
+ cbBuffer specifies the size, in bytes, of the buffer pointed to by
+ the pbBuffer parameter.
+
+ pcbTotalAvail is a pointer to an unsigned short which gets filled
+ with the total number of data bytes available if the function
+ succeeds.
+
+Transaction Request Parameters section
+
+The Transaction request parameters section in this instance contains:
+
+@ The 16 bit function number for NetWkstaUserLogon which is 132.
+@ The parameter descriptor string which is "OOWb54WrLh"
+@ The data descriptor string for the (returned) data which is
+ "WB21BWDWWDDDDDDDzzzD"
+@ The actual parameters as described by the parameter descriptor
+ string.
+
+The parameters are:
+@ A 16 bit integer with a value of 1 (corresponding to the "W" in the
+ parameter descriptor string. This represents the level of detail the
+ server is expected to return)
+@ a byte array of length 54 bytes. These 54 bytes are defined as
+
+ char wlreq1_name[21]; // User Name
+ char wlreq1_pad1; //Pad next field to a word boundary
+ char wlreq1_password[15]; //Password, set to null, ignored by
+ server
+ char wlreq1_pad2; //Pad next field to word boundary
+ char wlreq1_workstation[16]; //ASCII name of computer
+@ A 16 bit integer with a value of 54
+@ A 16 bit integer that contains the size of the receive buffer
+
+
+Transaction Request Data section
+
+There is no data or auxiliary data to send as part of the request.
+
+Transaction Response Parameters section
+
+
+
+
+Leach, Naik [Page 20] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+The transaction response parameters section consists of:
+@ A 16 bit word indicating the return status. The possible values are:
+
+Code Valu Description
+ e
+NERR_Success 0 No errors encountered
+ERROR_ACCESS_DENIED 5 User has insufficient privilege
+NERR_LogonScriptError 2212 An error occurred while loading or
+ running the logon script
+NERR_StandaloneLogon 2214 The logon was not validated by any
+ server
+NERR_NonValidatedLogon 2217 The logon server is running an
+ older software version and cannot
+ validate the logon
+NERR_InvalidWorkstation 2240 The user is not allowed to logon
+ from this computer
+NERR_InvalidLogonHours 2241 The user is not allowed to logon at
+ this time
+NERR_PasswordExpired 2242 The user password has expired
+
+@ A 16 bit "converter" word.
+@ A 16 bit number representing the total number of available bytes.
+ This has meaning only if the return status is NERR_Success or
+ ERROR_MORE_DATA. Upon success, this number indicates the number of
+ useful bytes available. Upon failure, this indicates how big the
+ receive buffer needs to be.
+
+Transaction Response Data section
+
+The Transaction response data section contains a data structure
+user_logon_info_1 which is defined as:
+
+
+ struct user_logon_info_1 {
+ unsigned short usrlog1_code;
+ char usrlog1_eff_name[21];
+ char usrlog1_pad_1;
+ unsigned short usrlog1_priv;
+ unsigned long usrlog1_auth_flags;
+ unsigned short usrlog1_num_logons;
+ unsigned short usrlog1_bad_pw_count;
+ unsigned long usrlog1_last_logon;
+ unsigned long usrlog1_last_logoff;
+ unsigned long usrlog1_logoff_time;
+ unsigned long usrlog1_kickoff_time;
+ long usrlog1_password_age;
+ unsigned long usrlog1_pw_can_change;
+ unsigned long usrlog1_pw_must_change;
+ char *usrlog1_computer;
+ char *usrlog1_domain;
+ char *usrlog1_script_path;
+ unsigned long usrlog1_reserved1;
+ };
+
+where:
+
+
+Leach, Naik [Page 21] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+
+ usrlog1_code specifies the result and can have the following values:
+
+Code Valu Description
+ e
+NERR_Success 0 No errors encountered
+ERROR_ACCESS_DENIED 5 User has insufficient privilege
+NERR_LogonScriptError 2212 An error occurred while loading or
+ running the logon script
+NERR_StandaloneLogon 2214 The logon was not validated by any
+ server
+NERR_NonValidatedLogon 2217 The logon server is running an
+ older software version and cannot
+ validate the logon
+NERR_InvalidWorkstation 2240 The user is not allowed to logon
+ from this computer
+NERR_InvalidLogonHours 2241 The user is not allowed to logon at
+ this time
+NERR_PasswordExpired 2242 Administrator privilege
+
+
+ usrlog1_eff_name specifies the account to which the user was logged on
+
+ usrlog1_pad1 aligns the next data structure element to a word boundary
+
+ usrlog1_priv specifies the user�s privilege level. The possible values
+ are:
+
+Name Value Description
+USER_PRIV_GUEST 0 Guest privilege
+USER_PRIV_USER 1 User privilege
+USER_PRV_ADMIN 2 Administrator privilege
+
+ usrlog1_auth_flags specifies the account operator privileges. The
+ possible values are:
+
+Name Value Description
+AF_OP_PRINT 0 Print operator
+AF_OP_COMM 1 Communications operator
+AF_OP_SERVER 2 Server operator
+AF_OP_ACCOUNTS 3 Accounts operator
+
+ usrlog1_num_logons specifies the number of times this user has logged
+ on. A value of -1 means the number of logons is unknown.
+
+ usrlog1_bad_pw_count specifies the number of incorrect passwords
+ entered since the last successful logon.
+
+ usrlog1_last_logon specifies the time when the user last logged on.
+ This value is stored as the number of seconds elapsed since
+ 00:00:00, January 1, 1970.
+
+ usrlog1_last_logoff specifies the time when the user last logged off.
+ This value is stored as the number of seconds elapsed since
+
+
+Leach, Naik [Page 22] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+ 00:00:00, January 1, 1970. A value of 0 means the last logoff
+ time is unknown.
+
+ usrlog1_logoff_time specifies the time when the user should logoff.
+ This value is stored as the number of seconds elapsed since
+ 00:00:00, Jan 1, 1970. A value of -1 means the user never has to
+ logoff.
+
+ usrlog1_kickoff_time specifies the time when the user will be logged
+ off by the system. This value is stored as the number of seconds
+ elapsed since 00:00:00, Jan 1, 1970. A value of -1 means the
+ system will never logoff the user.
+
+ usrlog1_password_age specifies the time in seconds since the user
+ last changed his/her password.
+
+ usrlog1_password_can_change specifies the time when the user can
+ change the password. This value is stored as the number of
+ seconds elapsed since 00:00:00, Jan 1, 1970. A value of -1 means
+ the user can never change the password.
+
+ usrlog1_password_must_change specifies the time when the user must
+ change the password. This value is stored as the number of
+ seconds elapsed since 00:00:00, Jan 1, 1970.
+
+ usrlog1_computer specifies the computer where the user is logged on.
+
+ usrlog1_script_path specifies the relative path to the user logon
+ script.
+
+ usrlog1_reserved is reserved with an undefined value.
+
+The following table defines the valid fields in the user_logon_info_1
+structure based upon the return values::
+
+function return code usrlog1_code element Valid elements of
+ logoff_info_1
+NERR_Success NERR_Success All
+NERR_Success NERR_StandaloneLogon None except usrlog1_code
+ERROR_ACCESS_DENIED NERR_PasswordExpired None except usrlog1_code
+ERROR_ACCESS_DENIED NERR_InvalidWorkstation None except usrlog1_code
+ERROR_ACCESS_DENIED NERR_InvalidLogonhours None except usrlog1_code
+ERROR_ACCESS_DENIED NERR_LogonScriptError None except usrlog1_code
+ERROR_ACCESS_DENIED ERROR_ACCESS_DENIED None except usrlog1_code
+All other errors None; the code is None
+ meaningless
+
+All of the pointers in this data structure need to be treated
+specially. The pointer is a 32 bit pointer. The higher 16 bits need
+to be ignored. The converter word returned in the parameters section
+needs to be subtracted from the lower 16 bits to calculate an offset
+into the return buffer where this ASCII string resides.
+
+There is no auxiliary data in the response.
+
+
+Leach, Naik [Page 23] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+10. NetwkstaUserLogoff
+
+This is a function executed on a remote CIFS server to log on a user.
+The purpose is to perform some checks and accomplish housekeeping and
+statistics updates.
+
+The definition is:
+
+ unsigned short NetWkstaUserLogoff(
+ char *reserved1;
+ char *reserved2;
+ unsigned short sLevel;
+ BYTE bReqBuffer[54];
+ unsigned short cbReqBuffer;
+ REQBUF pbBuffer;
+ REQBUFLEN cbBuffer;
+ unsigned short *pcbTotalAvail;
+ );
+
+ where:
+
+ reserved1 and reserved2 are reserved fields and must be null.
+
+ sLevel specifies the level of detail returned. The only legal
+ value is 1.
+
+ pbReqBuffer points to the request buffer. This buffer contains
+ parameters that need to be sent to the server. The actual value
+ and structure is defined in the Transaction Request Parameters
+ section.
+
+ cbReqBuffer specifies the size, in bytes, of the buffer pointed to
+ by the pbReqBuffer parameter. The value must be decimal 54.
+
+ pbBuffer points to the buffer to receive the returned data.
+
+ cbBuffer specifies the size, in bytes, of the buffer pointed to by
+ the pbBuffer parameter.
+
+ pcbTotalAvail is a pointer to an unsigned short which gets filled
+ with the total number of data bytes available if the function
+ succeeds.
+
+Transaction Request Parameters section
+
+The Transaction request parameters section in this instance contains:
+
+@ The 16 bit function number for NetWkstaUserLogoff which is 133.
+@ The parameter descriptor string which is "zzWb38WrLh"
+@ The data descriptor string for the (returned) data which is "WDW"
+@ The actual parameters as described by the parameter descriptor
+ string.
+
+The parameters are:
+@ A null pointer
+
+
+
+Leach, Naik [Page 24] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+@ Another null pointer
+@ A 16 bit integer with a value of 1 (corresponding to the "W" in the
+ parameter descriptor string. This represents the level of detail the
+ server is expected to return)
+@ An array of length 38 bytes. These 38 bytes are defined as
+
+ char wlreq1_name[21]; // User Name
+ char wlreq1_pad1; //Pad next field to a word
+ boundary
+ char wlreq1_workstation[16]; //ASCII name of computer
+@ A 16 bit integer with a value of decimal 38.
+@ A 16 bit integer that contains the size of the receive buffer
+
+Transaction Request Data section
+
+There is no data or auxiliary data to send as part of the request.
+
+Transaction Response Parameters section
+
+The transaction response parameters section consists of:
+@ A 16 bit word indicating the return status. The possible values are:
+
+Code Value Description
+NERR_Success 0 No errors encountered
+NERR_StandaloneLogon 2214 The logon was not validated by any
+ server
+NERR_NonValidatedLogon 2217 The logon server is running an older
+ software version and cannot validate the
+ logoff
+
+@ A 16 bit "converter" word.
+@ A 16 bit number representing the total number of available bytes.
+ This has meaning only if the return status is NERR_Success or
+ ERROR_MORE_DATA. Upon success, this number indicates the number of
+ useful bytes available. Upon failure, this indicates how big the
+ receive buffer needs to be.
+
+Transaction Response Data section
+
+The Transaction response data section contains a data structure
+user_logoff_info_1 which is defined as:
+
+
+ struct user_logoff_info_1 {
+ unsigned short usrlogf1_code;
+ unsigned long usrlogf1_duration;
+ unsigned short usrlogf1_num_logons;
+ };
+
+where:
+
+ usrlogf1_code specifies the result and can have the following values:
+
+Code Value Description
+NERR_Success 0 No errors encountered
+ERROR_ACCESS_DENIED 5 User has insufficient privilege
+
+
+Leach, Naik [Page 25] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+NERR_InvalidWorkstation 2240 The user is not allowed to logon from
+ this computer
+
+ usrlogf1_duration specifies the time in number of seconds for which
+ the user was logged
+
+ usrlogf1_num_logons specifies the number of times this user has logged
+ on. A value of -1 indicates the number is unknown.
+
+The following table defines the valid fields in the logoff_info_1
+structure based upon the return values::
+
+function usrlogf11_code Valid elements of logoff_info_1
+return code element
+NERR_Success NERR_Success All
+NERR_Success NERR_StandaloneLogon None except usrlogf1_code
+All other None; the code is None
+errors meaningless
+
+There is no auxiliary data in the response.
+
+
+11. NetUserGetInfo
+
+This is a function executed on a remote CIFS server to obtain detailed
+information about a particular user.
+
+The definition is:
+
+ unsigned short NetUserGetInfo(
+ char *pszUser;
+ unsigned short sLevel;
+ RCVBUF pBuffer;
+ RCVBUFLEN cbBuffer;
+ unsigned short *pcbTotalAvail;
+ );
+
+ where:
+
+ pszUser points to a null terminated ASCII string signifying the
+ name of the user for which information should be retrieved.
+
+ sLevel specifies the level of detail returned. The only legal
+ value is 11.
+
+ pbBuffer points to the buffer to receive the returned data.
+
+ cbBuffer specifies the size, in bytes, of the buffer pointed to by
+ the pbBuffer parameter.
+
+ pcbTotalAvail is a pointer to an unsigned short which gets filled
+ with the total number of data bytes available if the function
+ succeeds.
+
+Transaction Request Parameters section
+
+
+Leach, Naik [Page 26] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+The Transaction request parameters section in this instance contains:
+
+@ The 16 bit function number for NetUserGetInfo which is 56.
+@ The parameter descriptor string which is "zWrLh"
+@ The data descriptor string for the (returned) data which is
+ "B21BzzzWDDzzDDWWzWzDWb21W"
+@ The actual parameters as described by the parameter descriptor
+ string.
+
+The parameters are:
+@ A null terminated ASCII string indicating the user for which
+ information should be retrieved.
+@ A 16 bit integer with a value of decimal 11 (corresponding to the "W"
+ in the parameter descriptor string. This represents the level of
+ detail the server is expected to return)
+@ A 16 bit integer that contains the size of the receive buffer
+
+
+Transaction Request Data section
+
+There is no data or auxiliary data to send as part of the request.
+
+Transaction Response Parameters section
+
+The transaction response parameters section consists of:
+@ A 16 bit word indicating the return status. The possible values are:
+
+Code Valu Description
+ e
+NERR_Success 0 No errors encountered
+ERROR_ACCESS_DENIED 5 User has insufficient privilege
+ERROR_MORE_DATA 234 additional data is available
+NERR_BufTooSmall 2123 The supplied buffer is too small
+NERR_UserNotFound 2221 The user name was not found
+@ A 16 bit "converter" word.
+@ A 16 bit number representing the total number of available bytes.
+ This has meaning only if the return status is NERR_Success or
+ ERROR_MORE_DATA. Upon success, this number indicates the number of
+ useful bytes available. Upon failure, this indicates how big the
+ receive buffer needs to be.
+
+Transaction Response Data section
+
+The Transaction response data section contains a data structure
+user_logon_info_1 which is defined as:
+
+
+ struct user_info_11 {
+ char usri11_name[21];
+ char usri11_pad;
+ char *usri11_comment;
+ char *usri11_usr_comment;
+ char *usri11_full_name;
+ unsigned short usri11_priv;
+ unsigned long usri11_auth_flags;
+
+
+
+Leach, Naik [Page 27] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+
+ long usri11_password_age;
+ char *usri11_homedir;
+ char *usri11_parms;
+ long usri11_last_logon;
+ long usri11_last_logoff;
+ unsigned short usri11_bad_pw_count;
+ unsigned short usri11_num_logons;
+ char *usri11_logon_server;
+ unsigned short usri11_country_code;
+ char *usri11_workstations;
+ unsigned long usri11_max_storage;
+ unsigned short usri11_units_per_week;
+ unsigned char *usri11_logon_hours;
+ unsigned short usri11_code_page;
+ };
+
+where:
+
+ usri11_name specifies the user name for which information is retireved
+
+ usri11_pad aligns the next data structure element to a word boundary
+
+ usri11_comment is a null terminated ASCII comment
+
+ usri11_user_comment is a null terminated ASCII comment about the user
+
+ usri11_full_name is a null terminated ASCII specifying the full name
+ of the user
+
+ usri11_priv specifies the level of the privilege assigned to the user.
+ The possible values are:
+
+Name Value Description
+USER_PRIV_GUEST 0 Guest privilege
+USER_PRIV_USER 1 User privilege
+USER_PRV_ADMIN 2 Administrator privilege
+
+ usri11_auth_flags specifies the account operator privileges. The
+ possible values are:
+
+Name Value Description
+AF_OP_PRINT 0 Print operator
+AF_OP_COMM 1 Communications operator
+AF_OP_SERVER 2 Server operator
+AF_OP_ACCOUNTS 3 Accounts operator
+
+
+ usri11_password_age specifies how many seconds have elapsed since the
+ password was last changed.
+
+ usri11_home_dir points to a null terminated ASCII string that contains
+ the path name of the user's home directory.
+
+
+
+
+Leach, Naik [Page 28] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+ usri11_parms points to a null terminated ASCII string that is set
+ aside for use by applications.
+
+ usri11_last_logon specifies the time when the user last logged on.
+ This value is stored as the number of seconds elapsed since
+ 00:00:00, January 1, 1970.
+
+ usri11_last_logoff specifies the time when the user last logged off.
+ This value is stored as the number of seconds elapsed since
+ 00:00:00, January 1, 1970. A value of 0 means the last logoff
+ time is unknown.
+
+ usri11_bad_pw_count specifies the number of incorrect passwords
+ entered since the last successful logon.
+
+ usri11_log1_num_logons specifies the number of times this user has
+ logged on. A value of -1 means the number of logons is unknown.
+
+ usri11_logon_server points to a null terminated ASCII string that
+ contains the name of the server to which logon requests are sent.
+ A null string indicates logon requests should be sent to the
+ domain controller.
+
+ usri11_country_code specifies the country code for the user's language
+ of choice.
+
+ usri11_workstations points to a null terminated ASCII string that
+ contains the names of workstations the user may log on from.
+ There may be up to 8 workstations, with the names separated by
+ commas. A null strings indicates there are no restrictions.
+
+ usri11_max_storage specifies the maximum amount of disk space the user
+ can occupy. A value of 0xffffffff indicates there are no
+ restrictions.
+
+ usri11_units_per_week specifies the equal number of time units into
+ which a week is divided. This value must be equal to 168.
+
+ usri11_logon_hours points to a 21 byte (168 bits) string that
+ specifies the time during which the user can log on. Each bit
+ represents one unique hour in a week. The first bit (bit 0, word
+ 0) is Sunday, 0:00 to 0:59, the second bit (bit 1, word 0) is
+ Sunday, 1:00 to 1:59 and so on. A null pointer indicates there
+ are no restrictions.
+
+ usri11_code_page specifies the code page for the user's language of
+ choice
+
+All of the pointers in this data structure need to be treated
+specially. The pointer is a 32 bit pointer. The higher 16 bits need
+to be ignored. The converter word returned in the parameters section
+needs to be subtracted from the lower 16 bits to calculate an offset
+into the return buffer where this ASCII string resides.
+
+
+
+Leach, Naik [Page 29] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+There is no auxiliary data in the response.
+
+12. NetWkstaGetInfo
+
+This is a function executed on a remote CIFS server to obtain detailed
+information about a workstation.
+
+The definition is:
+
+ unsigned short NetWkstaGetInfo(
+ unsigned short sLevel;
+ RCVBUF pBuffer;
+ RCVBUFLEN cbBuffer;
+ unsigned short *pcbTotalAvail;
+ );
+
+ where:
+
+ sLevel specifies the level of detail returned. The only legal
+ value is 10.
+
+ pbBuffer points to the buffer to receive the returned data.
+
+ cbBuffer specifies the size, in bytes, of the buffer pointed to by
+ the pbBuffer parameter.
+
+ pcbTotalAvail is a pointer to an unsigned short which gets filled
+ with the total number of data bytes available if the function
+ succeeds.
+
+Transaction Request Parameters section
+
+The Transaction request parameters section in this instance contains:
+
+@ The 16 bit function number for NetWkstaGetInfo which is 63.
+@ The parameter descriptor string which is "WrLh"
+@ The data descriptor string for the (returned) data which is
+ "zzzBBzz".
+@ The actual parameters as described by the parameter descriptor
+ string.
+
+The parameters are:
+@ A 16 bit integer with a value of decimal 10 (corresponding to the "W"
+ in the parameter descriptor string. This represents the level of
+ detail the server is expected to return)
+@ A 16 bit integer that contains the size of the receive buffer
+
+
+Transaction Request Data section
+
+There is no data or auxiliary data to send as part of the request.
+
+Transaction Response Parameters section
+
+The transaction response parameters section consists of:
+
+
+
+Leach, Naik [Page 30] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+@ A 16 bit word indicating the return status. The possible values are:
+
+Code Valu Description
+ e
+NERR_Success 0 No errors encountered
+ERROR_ACCESS_DENIED 5 User has insufficient privilege
+ERROR_MORE_DATA 234 additional data is available
+NERR_BufTooSmall 2123 The supplied buffer is too small
+NERR_UserNotFound 2221 The user name was not found
+@ A 16 bit "converter" word.
+@ A 16 bit number representing the total number of available bytes.
+ This has meaning only if the return status is NERR_Success or
+ ERROR_MORE_DATA. Upon success, this number indicates the number of
+ useful bytes available. Upon failure, this indicates how big the
+ receive buffer needs to be.
+
+Transaction Response Data section
+
+The Transaction response data section contains a data structure
+user_logon_info_1 which is defined as:
+
+
+ struct user_info_11 {
+ char *wki10_computername;
+ char *wki10_username;
+ char *wki10_langroup;
+ unsigned char wki10_ver_major;
+ unsigned char wki10_ver_minor;
+ char *wki10_logon_domain;
+ char *wki10_oth_domains;
+ };
+
+where:
+
+ wki10_computername is a pointer to a NULL terminated ASCII string that
+ specifies the name of the workstation.
+
+ wki10_username is a pointer to a NULL terminated ASCII string that
+ specifies the user who is logged on at the workstation.
+
+ wki10_langroup is a pointer to a NULL terminated ASCII string that
+ specifies the domain to which the workstation belongs.
+
+ wki10_ver_major specifies the major version number of the networking
+ software the workstation is running.
+
+ wki10_ver_minor specifies the minor version number of the networking
+ software the workstation is running.
+
+ wki10_logon domain is a pointer to a NULL terminated ASCII string that
+ specifies the domain for which a user is logged on.
+
+ wki10_oth domain is a pointer to a NULL terminated ASCII string that
+ specifies all domains in which the computer is enlisted.
+
+
+
+Leach, Naik [Page 31] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+All of the pointers in this data structure need to be treated
+specially. The pointer is a 32 bit pointer. The higher 16 bits need
+to be ignored. The converter word returned in the parameters section
+needs to be subtracted from the lower 16 bits to calculate an offset
+into the return buffer where this ASCII string resides.
+
+There is no auxiliary data in the response.
+
+
+13. SamOemChangePassword
+
+This is a function executed on a remote CIFS server to change a user�s
+password.
+
+The definition is:
+
+ unsigned short SamOemChangePassword(
+ uchar *UserName;
+ uchar *OldPassword;
+ uchar *NewPassword;
+ );
+
+ where:
+
+ UserName is a pointer to a NULL terminated ASCII string
+ representing the name of the user for which the password should be
+ changed.
+
+ OldPassword is a pointer to a NULL terminated ASCII string
+ representing the current password of the user
+
+ NewPassword is a pointer to a NULL terminated ASCII string
+ representing the new password of the
+
+Transaction Request Parameters section
+
+The Transaction request parameters section in this instance contains:
+
+@ The 16 bit function number for SamOEMChangePassword which is 214.
+@ The parameter descriptor string which is "zsT"
+@ The actual parameters as described by the parameter descriptor
+ string.
+
+The parameters are:
+@ A null terminated ASCII string that represents the name of the user
+ for whom the password is being changed.
+@ A word with a value of 532 representing the size of the data buffer.
+
+
+Transaction Request Data section
+
+The data buffer to be sent consists of 532 bytes of data. The first 516
+bytes represent the new password in an encrypted form. The last 16 bytes
+represent the old password in an encrypted form.
+
+
+
+
+Leach, Naik [Page 32] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+The new password is represented by the structure
+
+
+ struct {
+ char NewPasswordBuffer[512];
+ long LengthofNewPasswordInBytes;
+ }
+
+The new password is stored in plain text form at the end of the buffer
+and the length of the new password is stored in the second member of the
+structure. The whole structure is encrypted using RC4. The RC4 key used
+is the One Way Transformation (described below) of the old password.
+
+The RC4 encryption of the One Way Transformation of the old password
+constitutes the last 16 bytes of the data buffer. The RC4 key used is
+the One Way Transformation of the new password
+
+There is no auxiliary data to send as part of the request.
+
+
+One Way Transformation
+
+This section describes the algorithm used by CIFS to apply a one way
+transformation on data.
+
+Let
+E(K, D)
+ denote the DES block mode encryption function [5] , which accepts a
+ seven byte key (K) and an eight byte data block (D) and produces an
+ eight byte encrypted data block as its value.
+
+concat(A, B)
+ is the result of concatenating A and B
+
+Ex(K,D)
+ denote the extension of DES to longer keys and data blocks. If the
+ data to be encrypted is longer than eight bytes, the encryption
+ function is applied to each block of eight bytes in sequence and the
+ results are concatenated together. If the key is longer than seven
+ bytes, each 8 byte block of data is first completely encrypted using
+ the first seven bytes of the key, then the second seven bytes, etc.,
+ appending the results each time. For example, to encrypt the 16 byte
+ quantity D0D1 with the 14 byte key K0K1,
+
+ Ex(K0K1,D0D1) = concat(E(K0,D0),E(K0,D1),E(K1,D0),E(K1,D1))
+
+head(S, B)
+ denote the first B bytes of the byte string S.
+
+swab(S)
+ denote the byte string obtained by reversing the order of the bits in
+ each byte of S, i.e., if S is byte string of length one, with the
+ value 0x37 then swab(S) is 0xEC.
+
+
+
+
+Leach, Naik [Page 33] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+
+
+The One Way Transformation function is defined as:
+
+
+ OWF = Ex(swab(P14), N8)
+
+Where
+@ P14 is the data to encrypted. If P14 is the user�s password, it is a
+ clear, upper-cased text string, padded with blanks
+@ N8 is an 8 byte string whose value is available from Microsoft upon
+ request
+
+
+
+Transaction Response Parameters section
+
+The transaction response parameters section consists of:
+@ A 16 bit word indicating the return status. The possible values are:
+
+Code Valu Description
+ e
+NERR_Success 0 No errors encountered
+ERROR_ACCESS_DENIED 5 User has insufficient privilege
+ERROR-INVALID-PASSWORD 86 The specified password is invalid
+NERR_PasswordCantChange 2243 The password cannot be changed
+NERR_PasswordTooShort 2246 The password is too short
+
+Transaction Response Data section
+
+There is no Transaction Response Data to receive
+
+There is no auxiliary data in the response.
+
+
+
+14. Author's Addresses
+
+Paul Leach
+Dilip Naik
+Microsoft
+1 Microsoft Way
+Redmond, WA 98052
+paulle@microsoft.com
+v-dilipn@microsoft.com
+
+
+15. Appendix A
+
+Transaction SMBs
+
+These SMBs are used both to retrieve bulk data from the server (e.g.:
+enumerate shares, etc.) and to change the server's state (EG: add a new
+share, change file permissions, etc.) Transaction requests are also
+unusual because they can have a multiple part request and/or a multiple
+
+
+Leach, Naik [Page 34] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+part response. For this reason, transactions are handled as a set of
+sequenced commands to the server. Each part of a request is sent as a
+sequenced command using the same Mid value and an increasing Seq value.
+The server responds to each request piece except the last one with a
+response indicating that the server is ready for the next piece. The
+last piece is responded to with the first piece of the result data. The
+client then sends a transaction secondary SMB with ParameterDisplacement
+set to the number of parameter bytes received so far and
+DataDisplacement set to the number of data bytes received so far and
+ParameterCount, ParameterOffset, DataCount, and DataOffset set to zero
+(0). The server responds with the next piece of the transaction result.
+The process is repeated until all of the response information has been
+received. When the transaction has been completed, the redirector must
+send another sequenced command (an echo SMB will do fine) to the server
+to allow the server to know that the final piece was received and that
+resources allocated to the transaction command may be released.
+The flow is as follows, where (S) is the SequenceNumber, (N) is the
+number of request packets to be sent from the client to the server, and
+(M) is the number of response packets to be sent by the server to the
+client:
+
+
+ Client <-> Server
+ ======================= === ===========================
+
+ SMB(S) Transact ->
+ <- OK (S) send more data
+ [ repeat N-1 times:
+ SMB(S+1) Transact ->
+ secondary
+ <- OK (S+1) send more data
+ SMB(S+N-1)
+ ]
+ <- OK (S+N-1) transaction
+ response (1)
+ [ repeat M-1 times:
+ SMB(S+N) Transact ->
+ secondary
+ <- OK (S+N) transaction
+ response (2)
+ SMB(S+N+M-2) Transact ->
+ secondary
+ <- OK (S+N+M-2] transaction
+ response (M)
+ ]
+ SMB(S+N+M-1) Echo ->
+ <- OK (S+N+M-1) echoed
+
+
+In order to allow the server to detect clients which have been powered
+off, have crashed, etc., the client must send commands to the server
+periodically if it has resources open on the server. If nothing has
+been received from a client for awhile, the server will assume that the
+client is no longer running and disconnect the client. This includes
+closing any files that the client had open at the time and releasing any
+resources being used on behalf of the client. Clients should at least
+
+
+
+Leach, Naik [Page 35] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+send an echo SMB to the server every four (4) minutes if there is
+nothing else to send. The server will disconnect clients after a
+configurable amount of time which cannot be less than five (5) minutes.
+(Note: the NT server has a default timevalue of 15 minutes.)
+
+15.1.1 TRANSACTIONS
+
+SMB_COM_TRANSACTION performs a symbolically named transaction. This
+transaction is known only by a name (no file handle used).
+SMB_COM_TRANSACTION2 likewise performs a transaction, but a word
+parameter is used to identify the transaction instead of a name.
+SMB_COM_NT_TRANSACTION is used for commands that potentially need to
+transfer a large amount of data (greater than 64K bytes).
+
+15.1.1.1 SMB_COM_TRANSACTION AND SMB_COM_TRANSACTION2 FORMATS
+
+ Primary Client Request Description
+ =============================== ==================================
+
+ Command SMB_COM_TRANSACTION or
+ SMB_COM_TRANSACTION2
+
+ UCHAR WordCount; Count of parameter words; value
+ = (14 + SetupCount)
+ USHORT TotalParameterCount; Total parameter bytes being sent
+ USHORT TotalDataCount; Total data bytes being sent
+ USHORT MaxParameterCount; Max parameter bytes to return
+ USHORT MaxDataCount; Max data bytes to return
+ UCHAR MaxSetupCount; Max setup words to return
+ UCHAR Reserved;
+ USHORT Flags; Additional information:
+ bit 0 - also disconnect TID in
+ TID
+ bit 1 - one-way transaction (no
+ resp)
+ ULONG Timeout;
+ USHORT Reserved2;
+ USHORT ParameterCount; Parameter bytes sent this buffer
+ USHORT ParameterOffset; Offset (from header start) to
+ Parameters
+ USHORT DataCount; Data bytes sent this buffer
+ USHORT DataOffset; Offset (from header start) to data
+ UCHAR SetupCount; Count of setup words
+ UCHAR Reserved3; Reserved (pad above to word)
+ USHORT Setup[SetupCount]; Setup words (# = SetupWordCount)
+ USHORT ByteCount; Count of data bytes
+ STRING Name[]; Name of transaction (NULL if
+ SMB_COM_TRANSACTION2)
+ UCHAR Pad[]; Pad to SHORT or LONG
+ UCHAR Parameters[ParameterCount]; Parameter bytes (# =
+ ParameterCount)
+ UCHAR Pad1[]; Pad to SHORT or LONG
+ UCHAR Data[ DataCount ]; Data bytes (# = DataCount)
+
+
+ Interim Server Response Description
+
+
+
+Leach, Naik [Page 36] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+
+ =============================== =================================
+
+ UCHAR WordCount; Count of parameter words = 0
+ USHORT ByteCount; Count of data bytes = 0
+
+
+ Secondary Client Request Description
+ =============================== ==================================
+
+ Command SMB_COM_TRANSACTION_SECONDARY
+
+ UCHAR WordCount; Count of parameter words = 8
+ USHORT TotalParameterCount; Total parameter bytes being sent
+ USHORT TotalDataCount; Total data bytes being sent
+ USHORT ParameterCount; Parameter bytes sent this buffer
+ USHORT ParameterOffset; Offset (from header start) to
+ Parameters
+ USHORT ParameterDisplacement; Displacement of these Parameter
+ bytes
+ USHORT DataCount; Data bytes sent this buffer
+ USHORT DataOffset; Offset (from header start) to data
+ USHORT DataDisplacement; Displacement of these data bytes
+ USHORT Fid; FID for handle based requests,
+ else 0xFFFF. This field is
+ present only if this is an
+ SMB_COM_TRANSACTION2 request.
+ USHORT ByteCount; Count of data bytes
+ UCHAR Pad[]; Pad to SHORT or LONG
+ UCHAR Parameters[ParameterCount]; Parameter bytes (# =
+ ParameterCount)
+ UCHAR Pad1[]; Pad to SHORT or LONG
+ UCHAR Data[DataCount]; Data bytes (# = DataCount)
+
+
+ Server Response Description
+ =============================== ==================================
+
+ UCHAR WordCount; Count of data bytes; value = 10 +
+ SETUPCOUNT
+ USHORT TotalParameterCount; Total parameter bytes being sent
+ USHORT TotalDataCount; Total data bytes being sent
+ USHORT Reserved;
+ USHORT ParameterCount; Parameter bytes sent this buffer
+ USHORT ParameterOffset; Offset (from header start) to
+ Parameters
+ USHORT ParameterDisplacement; Displacement of these Parameter
+ bytes
+ USHORT DataCount; Data bytes sent this buffer
+ USHORT DataOffset; Offset (from header start) to data
+ USHORT DataDisplacement; Displacement of these data bytes
+ UCHAR SetupCount; Count of setup words
+ UCHAR Reserved2; Reserved (pad above to word)
+ USHORT Setup[SetupWordCount]; Setup words (# = SetupWordCount)
+ USHORT ByteCount; Count of data bytes
+ UCHAR Pad[]; Pad to SHORT or LONG
+ UCHAR Parameters[ParameterCount]; Parameter bytes (# =
+ ParameterCount)
+ UCHAR Pad1[]; Pad to SHORT or LONG
+
+
+
+Leach, Naik [Page 37] �
+
+
+INTERNET-DRAFT CIFS Remote Admin Protocol January 10, 1997
+
+
+ UCHAR Data[DataCount]; Data bytes (# = DataCount)
+
+
+
+
+16. Appendix B
+
+
+16.1 Marshaling and unmarshaling using descriptor strings
+
+TBD. This will be a note to explain how the descriptor strings can be
+used to drive a marshaling engine that can automatically marshal and
+unmarshal RAP messages and call local APIs whose calling sequences
+closely match the format of the RAP services.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Leach, Naik [Page 38] �
\ No newline at end of file
--
cgit v1.2.3