Hello dochelp,

I have a question related to the stage header structure that is sent in the first RECEIVING_STAGE packet (for a given file/folder).

With the help of ndrdump I have this content:
./bin/ndrdump frsblobs decode_frsrpc_StageHeader in ~/workspace/samba/tcpdump/frs/header_plus_bkup
pull returned NT_STATUS_OK
    decode_frsrpc_StageHeader: struct decode_frsrpc_StageHeader
        in: struct decode_frsrpc_StageHeader
            header: struct frsrpc_StageHeader
                major                    : 0x00000000 (0)
                minor                    : 0x00000003 (3)
                dataHigh                 : 0x00000000 (0)
                dataLow                  : 0x00000400 (1024)
                compression              : 0x0000 (0)
                unused: ARRAY(6)
                    [0]                      : 0x00 (0)
                    [1]                      : 0x00 (0)
                    [2]                      : 0x00 (0)
                    [3]                      : 0x00 (0)
                    [4]                      : 0x00 (0)
                    [5]                      : 0x00 (0)
                attributes: struct fscc_FileNetworkOpenInformation
                    creationTime             : 0x01cc58223c9bc250 (129575393355874896)
                    lastAccessTime           : 0x01cc6d34af7d2fe0 (129598562336845792)
                    lastWriteTime            : 0x01cc58223c9bc250 (129575393355874896)
                    changeTime               : 0x01cc582533025350 (129575406079726416)
                    allocSize                : 0x0000000000000000 (0)
                    endOfFile                : 0x0000000000000000 (0)
                    fileAttribute            : 0x00000010 (16)
                           0: FSCC_FILE_ATTRIBUTE_READONLY
                           0: FSCC_FILE_ATTRIBUTE_HIDDEN
                           0: FSCC_FILE_ATTRIBUTE_SYSTEM
                           0: FSCC_FILE_ATTRIBUTE_NORMAL
                           1: FSCC_FILE_ATTRIBUTE_DIRECTORY
                           0: FSCC_FILE_ATTRIBUTE_ARCHIVE
                           0: FSCC_FILE_ATTRIBUTE_TEMPORARY
                           0: FSCC_FILE_ATTRIBUTE_SPARSE_FILE
                           0: FSCC_FILE_ATTRIBUTE_REPARSE_POINT
                           0: FSCC_FILE_ATTRIBUTE_COMPRESSED
                           0: FSCC_FILE_ATTRIBUTE_OFFLINE
                           0: FSCC_FILE_ATTRIBUTE_NOT_CONTENT_INDEXED
                           0: FSCC_FILE_ATTRIBUTE_ENCRYPTED
                    reserved                 : 0x00000000 (0)
                command: struct frsrpc_CommPktChangeOrderCommand
                    sequence_number          : 0x00000009 (9)
                    flags                    : 0x00000000 (0)
                           0: FRSRPC_CO_FLAG_ABORT_CO
                           0: FRSRPC_CO_FLAG_VV_ACTIVATED
                           0: FRSRPC_CO_FLAG_CONTENT_CMD
                           0: FRSRPC_CO_FLAG_LOCATION_CMD
                           0: FRSRPC_CO_FLAG_ONLIST
                           0: FRSRPC_CO_FLAG_LOCALCO
                           0: FRSRPC_CO_FLAG_RETRY
                           0: FRSRPC_CO_FLAG_OUT_OF_ORDER
                           0: FRSRPC_CO_FLAG_NEW_FILE
                           0: FRSRPC_CO_FLAG_CONTROL
                           0: FRSRPC_CO_FLAG_DIRECTED_CO
                           0: FRSRPC_CO_FLAG_VVJOIN_TO_ORIG
                           0: FRSRPC_CO_FLAG_SKIP_ORIG_REC_C
                           0: FRSRPC_CO_FLAG_MOVEIN_GEN
                           0: FRSRPC_CO_FLAG_MORPH_GEN_HEAD
                           0: FRSRPC_CO_FLAG_JUST_OID_RESET
                           0: FRSRPC_CO_FLAG_COMPRESSED_STAGE
                           0: FRSRPC_CO_FLAG_SKIP_VV_UPDATE
                    iflags                   : 0x00000000 (0)
                           0: FRSRPC_CO_IFLAG_VVRETIRE_EXEC
                           0: FRSRPC_CO_IFLAG_CO_ABORT
                           0: FRSRPC_CO_IFLAG_DIR_ENUM_PENDING
                    status                   : FRSRPC_CO_STATUS_REMOTE_CO_STAGING_STARTED (0x6)
                    content_cmd              : 0x00000000 (0)
                           0: FRSRPC_CONTENT_REASON_DATA_OVERWRITE
                           0: FRSRPC_CONTENT_REASON_DATA_EXTEND
                           0: FRSRPC_CONTENT_REASON_DATA_TRUNCATION
                           0: FRSRPC_CONTENT_REASON_NAMED_DATA_OVERWRITE
                           0: FRSRPC_CONTENT_REASON_NAMED_DATA_EXTEND
                           0: FRSRPC_CONTENT_REASON_NAMED_DATA_TRUNCATION
                           0: FRSRPC_CONTENT_REASON_FILE_CREATE
                           0: FRSRPC_CONTENT_REASON_FILE_DELETE
                           0: FRSRPC_CONTENT_REASON_EA_CHANGE
                           0: FRSRPC_CONTENT_REASON_SECURITY_CHANGE
                           0: FRSRPC_CONTENT_REASON_OLD_NAME
                           0: FRSRPC_CONTENT_REASON_NEW_NAME
                           0: FRSRPC_CONTENT_REASON_BASIC_INFO_CHANGE
                           0: FRSRPC_CONTENT_REASON_COMPRESSION_CHANGE
                    location_cmd             : FRSRPC_CO_LOCATION_DIR_CREATE (0x1)
                    file_attributes          : 0x00000010 (16)
                    file_version_number      : 0x00000000 (0)
                    partern_ack_sequence_number: 0x000001a2 (418)
                    not_used                 : 0x00000000 (0)
                    file_size                : 0x0000000000000000 (0)
                    file_offset              : 0x0000000000000000 (0)
                    frs_vsn                  : 0x01cc582d94c3acf3 (129575442079526131)
                    file_usn                 : 0x00000000000001b8 (440)
                    jrnl_usn                 : 0x0000000000000000 (0)
                    jrnl_first_usn           : 0x0000000000000000 (0)
                    original_replica_num     : 0x00000001 (1)
                    new_replica_num          : 0x00000001 (1)
                    change_order_guid        : 336b1cba-10e6-4395-8838-be281d59eac4
                    originator_guid          : 3228928b-f28f-40e4-9551-3c882ffb7418
                    file_guid                : 5480c9fa-064f-41ae-b58d-6b5a4c45ae30
                    old_parent_guid          : a53f8113-fecc-46a0-a056-96fdf4f9ba1d
                    new_parent_guid          : a53f8113-fecc-46a0-a056-96fdf4f9ba1d
                    connection_guid          : 00832930-5364-4c60-b3cc-4af0ac965258
                    ack_version              : 0x01cc6d3937ecfec6 (129598581805743814)
                    spare2ul1                : 0x0000000000000000 (0)
                    spare1guid_p1            : 0x0000000000000000 (0)
                    spare1guid_p2            : 0x0000000000000000 (0)
                    spare2guid_p1            : 0x0000000000000000 (0)
                    spare3guid_p2            : 0x0000000000000000 (0)
                    spare1wcs                : 0x00000000 (0)
                    spare2wcs                : 0x00000000 (0)
                    extension                : 0x00000000 (0)
                    spare2bin                : 0x00000000 (0)
                    event_time               : jeu. août 11 05:50:08 2011 PDT
                    file_name_length         : 0x004c (76)
                    file_name                : '{31B2F340-016D-11D2-945F-00C04FB984F9}'
                    padding1                 : 0x00 (0)
                    padding2                 : 0x00 (0)
                    padding3                 : 0x00 (0)
                    padding4                 : 0x00 (0)
                fileObjId: struct fscc_FileObjectIdBuffer_2
                    id                       : 5480c9fa-064f-41ae-b58d-6b5a4c45ae30
                    birthVolumeId            : 00000000-0000-0000-0000-000000000000
                    initialObjectId          : 00000000-0000-0000-0000-000000000000
                    domainId                 : 00000000-0000-0000-0000-000000000000
                cocExt: struct frsrpc_CommPktCoRecordExtensionWin2k
                    field_size               : 0x00000000 (0)
                    major                    : FRSRPC_CO_RECORD_EXTENSION_VERSION_WIN2K (0x0)
                    offset_count             : 0x0000 (0)
                    offset                   : 0x00000000 (0)
                    offset_last              : 0x00000000 (0)
                    data_checksum: struct frsrpc_CommPktDataExtensionChecksum
                        prefix_size              : 0x00000000 (0)
                        prefix_type              : FRSRPC_DATA_EXTENSION_TERMINATOR (0x0)
                        data                     : 00000000000000000000000000000000
                compressionGuid          : 00000000-0000-0000-0000-000000000000
                encDataHigh              : 0x00000000 (0)
                encDataLow               : 0x00000000 (0)
                dataSize                 : 0x0000000000000000 (0)
                reparseDataPresent       : 0x00000000 (0)
                reparseDataHigh          : 0x00000000 (0)
                reparseDataLow           : 0x00000400 (1024)
                padding2                 : 0x00000000 (0)
            data: struct bkup_NTBackupFile
                num_stream               : 0x00000002 (2)
                streams: ARRAY(2)
                    streams: struct bkup_Win32StreamId
                        id                       : STREAM_ID_SECURITY_DATA (3)
                        attribute                : STREAM_ATTRIBUTE_SECURITY (2)
                        size                     : 0x0000000000000114 (276)
                        stream_name_size         : 0x00000000 (0)
                        stream_name              : ''
                        data                     : union bkup_StreamData(case 3)
                        sd: struct security_descriptor
                            revision                 : SECURITY_DESCRIPTOR_REVISION_1 (1)
                            type                     : 0x9404 (37892)
                                   0: SEC_DESC_OWNER_DEFAULTED
                                   0: SEC_DESC_GROUP_DEFAULTED
                                   1: SEC_DESC_DACL_PRESENT
                                   0: SEC_DESC_DACL_DEFAULTED
                                   0: SEC_DESC_SACL_PRESENT
                                   0: SEC_DESC_SACL_DEFAULTED
                                   0: SEC_DESC_DACL_TRUSTED
                                   0: SEC_DESC_SERVER_SECURITY
                                   0: SEC_DESC_DACL_AUTO_INHERIT_REQ
                                   0: SEC_DESC_SACL_AUTO_INHERIT_REQ
                                   1: SEC_DESC_DACL_AUTO_INHERITED
                                   0: SEC_DESC_SACL_AUTO_INHERITED
                                   1: SEC_DESC_DACL_PROTECTED
                                   0: SEC_DESC_SACL_PROTECTED
                                   0: SEC_DESC_RM_CONTROL_VALID
                                   1: SEC_DESC_SELF_RELATIVE
                            owner_sid                : *
                                owner_sid                : S-1-5-32-544
                            group_sid                : *
                                group_sid                : S-1-5-18
                            sacl                     : NULL
                            dacl                     : *
                                dacl: struct security_acl
                                    revision                 : SECURITY_ACL_REVISION_NT4 (2)
                                    size                     : 0x00e4 (228)
                                    num_aces                 : 0x0000000a (10)
                                    aces: ARRAY(10)
                                        aces: struct security_ace
                                            type                     : SEC_ACE_TYPE_ACCESS_ALLOWED (0)
                                            flags                    : 0x00 (0)
                                                   0: SEC_ACE_FLAG_OBJECT_INHERIT
                                                   0: SEC_ACE_FLAG_CONTAINER_INHERIT
                                                   0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                                                   0: SEC_ACE_FLAG_INHERIT_ONLY
                                                   0: SEC_ACE_FLAG_INHERITED_ACE
                                                0x00: SEC_ACE_FLAG_VALID_INHERIT (0)
                                                   0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                                                   0: SEC_ACE_FLAG_FAILED_ACCESS
                                            size                     : 0x0014 (20)
                                            access_mask              : 0x001200a9 (1179817)
                                            object                   : union security_ace_object_ctr(case 0)
                                            trustee                  : S-1-5-11
                                        aces: struct security_ace
                                            type                     : SEC_ACE_TYPE_ACCESS_ALLOWED (0)
                                            flags                    : 0x0b (11)
                                                   1: SEC_ACE_FLAG_OBJECT_INHERIT
                                                   1: SEC_ACE_FLAG_CONTAINER_INHERIT
                                                   0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                                                   1: SEC_ACE_FLAG_INHERIT_ONLY
                                                   0: SEC_ACE_FLAG_INHERITED_ACE
                                                0x0b: SEC_ACE_FLAG_VALID_INHERIT (11)
                                                   0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                                                   0: SEC_ACE_FLAG_FAILED_ACCESS
                                            size                     : 0x0014 (20)
                                            access_mask              : 0xa0000000 (2684354560)
                                            object                   : union security_ace_object_ctr(case 0)
                                            trustee                  : S-1-5-11
                                        aces: struct security_ace
                                            type                     : SEC_ACE_TYPE_ACCESS_ALLOWED (0)
                                            flags                    : 0x00 (0)
                                                   0: SEC_ACE_FLAG_OBJECT_INHERIT
                                                   0: SEC_ACE_FLAG_CONTAINER_INHERIT
                                                   0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                                                   0: SEC_ACE_FLAG_INHERIT_ONLY
                                                   0: SEC_ACE_FLAG_INHERITED_ACE
                                                0x00: SEC_ACE_FLAG_VALID_INHERIT (0)
                                                   0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                                                   0: SEC_ACE_FLAG_FAILED_ACCESS
                                            size                     : 0x0018 (24)
                                            access_mask              : 0x001200a9 (1179817)
                                            object                   : union security_ace_object_ctr(case 0)
                                            trustee                  : S-1-5-32-549
                                        aces: struct security_ace
                                            type                     : SEC_ACE_TYPE_ACCESS_ALLOWED (0)
                                            flags                    : 0x0b (11)
                                                   1: SEC_ACE_FLAG_OBJECT_INHERIT
                                                   1: SEC_ACE_FLAG_CONTAINER_INHERIT
                                                   0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                                                   1: SEC_ACE_FLAG_INHERIT_ONLY
                                                   0: SEC_ACE_FLAG_INHERITED_ACE
                                                0x0b: SEC_ACE_FLAG_VALID_INHERIT (11)
                                                   0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                                                   0: SEC_ACE_FLAG_FAILED_ACCESS
                                            size                     : 0x0018 (24)
                                            access_mask              : 0xa0000000 (2684354560)
                                            object                   : union security_ace_object_ctr(case 0)
                                            trustee                  : S-1-5-32-549
                                        aces: struct security_ace
                                            type                     : SEC_ACE_TYPE_ACCESS_ALLOWED (0)
                                            flags                    : 0x00 (0)
                                                   0: SEC_ACE_FLAG_OBJECT_INHERIT
                                                   0: SEC_ACE_FLAG_CONTAINER_INHERIT
                                                   0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                                                   0: SEC_ACE_FLAG_INHERIT_ONLY
                                                   0: SEC_ACE_FLAG_INHERITED_ACE
                                                0x00: SEC_ACE_FLAG_VALID_INHERIT (0)
                                                   0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                                                   0: SEC_ACE_FLAG_FAILED_ACCESS
                                            size                     : 0x0018 (24)
                                            access_mask              : 0x001f01ff (2032127)
                                            object                   : union security_ace_object_ctr(case 0)
                                            trustee                  : S-1-5-32-544
                                        aces: struct security_ace
                                            type                     : SEC_ACE_TYPE_ACCESS_ALLOWED (0)
                                            flags                    : 0x0b (11)
                                                   1: SEC_ACE_FLAG_OBJECT_INHERIT
                                                   1: SEC_ACE_FLAG_CONTAINER_INHERIT
                                                   0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                                                   1: SEC_ACE_FLAG_INHERIT_ONLY
                                                   0: SEC_ACE_FLAG_INHERITED_ACE
                                                0x0b: SEC_ACE_FLAG_VALID_INHERIT (11)
                                                   0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                                                   0: SEC_ACE_FLAG_FAILED_ACCESS
                                            size                     : 0x0018 (24)
                                            access_mask              : 0x10000000 (268435456)
                                            object                   : union security_ace_object_ctr(case 0)
                                            trustee                  : S-1-5-32-544
                                        aces: struct security_ace
                                            type                     : SEC_ACE_TYPE_ACCESS_ALLOWED (0)
                                            flags                    : 0x00 (0)
                                                   0: SEC_ACE_FLAG_OBJECT_INHERIT
                                                   0: SEC_ACE_FLAG_CONTAINER_INHERIT
                                                   0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                                                   0: SEC_ACE_FLAG_INHERIT_ONLY
                                                   0: SEC_ACE_FLAG_INHERITED_ACE
                                                0x00: SEC_ACE_FLAG_VALID_INHERIT (0)
                                                   0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                                                   0: SEC_ACE_FLAG_FAILED_ACCESS
                                            size                     : 0x0014 (20)
                                            access_mask              : 0x001f01ff (2032127)
                                            object                   : union security_ace_object_ctr(case 0)
                                            trustee                  : S-1-5-18
                                        aces: struct security_ace
                                            type                     : SEC_ACE_TYPE_ACCESS_ALLOWED (0)
                                            flags                    : 0x0b (11)
                                                   1: SEC_ACE_FLAG_OBJECT_INHERIT
                                                   1: SEC_ACE_FLAG_CONTAINER_INHERIT
                                                   0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                                                   1: SEC_ACE_FLAG_INHERIT_ONLY
                                                   0: SEC_ACE_FLAG_INHERITED_ACE
                                                0x0b: SEC_ACE_FLAG_VALID_INHERIT (11)
                                                   0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                                                   0: SEC_ACE_FLAG_FAILED_ACCESS
                                            size                     : 0x0014 (20)
                                            access_mask              : 0x10000000 (268435456)
                                            object                   : union security_ace_object_ctr(case 0)
                                            trustee                  : S-1-5-18
                                        aces: struct security_ace
                                            type                     : SEC_ACE_TYPE_ACCESS_ALLOWED (0)
                                            flags                    : 0x00 (0)
                                                   0: SEC_ACE_FLAG_OBJECT_INHERIT
                                                   0: SEC_ACE_FLAG_CONTAINER_INHERIT
                                                   0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                                                   0: SEC_ACE_FLAG_INHERIT_ONLY
                                                   0: SEC_ACE_FLAG_INHERITED_ACE
                                                0x00: SEC_ACE_FLAG_VALID_INHERIT (0)
                                                   0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                                                   0: SEC_ACE_FLAG_FAILED_ACCESS
                                            size                     : 0x0018 (24)
                                            access_mask              : 0x001f01ff (2032127)
                                            object                   : union security_ace_object_ctr(case 0)
                                            trustee                  : S-1-5-32-544
                                        aces: struct security_ace
                                            type                     : SEC_ACE_TYPE_ACCESS_ALLOWED (0)
                                            flags                    : 0x0b (11)
                                                   1: SEC_ACE_FLAG_OBJECT_INHERIT
                                                   1: SEC_ACE_FLAG_CONTAINER_INHERIT
                                                   0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                                                   1: SEC_ACE_FLAG_INHERIT_ONLY
                                                   0: SEC_ACE_FLAG_INHERITED_ACE
                                                0x0b: SEC_ACE_FLAG_VALID_INHERIT (11)
                                                   0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                                                   0: SEC_ACE_FLAG_FAILED_ACCESS
                                            size                     : 0x0014 (20)
                                            access_mask              : 0x10000000 (268435456)
                                            object                   : union security_ace_object_ctr(case 0)
                                            trustee                  : S-1-3-0
                    streams: struct bkup_Win32StreamId
                        id                       : STREAM_ID_OBJECTID (7)
                        attribute                : STREAM_ATTRIBUTE_NORMAL (0)
                        size                     : 0x0000000000000040 (64)
                        stream_name_size         : 0x00000000 (0)
                        stream_name              : ''
                        data                     : union bkup_StreamData(case 7)
                        object: struct fscc_FileObjectIdBuffer_2
                            id                       : 5480c9fa-064f-41ae-b58d-6b5a4c45ae30
                            birthVolumeId            : 00000000-0000-0000-0000-000000000000
                            initialObjectId          : 00000000-0000-0000-0000-000000000000
                            domainId                 : 00000000-0000-0000-0000-000000000000
dump OK

But some fields of the stage_header are not quite as described in paragraph 3.3.4.4.7 COMM_COMMAND Is CMD_SEND_STAGE.

In particular, paragraph 2.2.3.2 CHANGE_ORDER_COMMAND defines a status attribute but in 3.3.4.4.7 we are told about a "state" attribute:

State:
* For Initial Sync: MUST be set to 5 (allocating staging file space for remote change order).
* For Normal Sync: MUST be set to 1 (allocating staging file space for local change order).

I'm ready to think it's the same field, but in the dump (from a Windows server) the status field had the value FRSRPC_CO_STATUS_REMOTE_CO_STAGING_STARTED (0x6), not 1, not 5.

It's stated that "PartnerAckSeqNumber MUST be set to 0."; in the dump partern_ack_sequence_number is set to 418. It's stated that "AckVersion MUST be set to 0."; in the dump ackVersion is set to 129598581805743814.

Can you tell me what is the use of the command's flag for the upstream partner (the receiver of the file)?

Thanks.

Matthieu





--
Matthieu Patou
Samba Team
http://samba.org
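
The comparison made in the message above can be automated when checking further captures; the following is an added example, not part of the original message or of Samba. It assumes, as the message's author supposes, that the "State" of 3.3.4.4.7 is the dump's `status` field, and `SAMPLE_DUMP` is a three-line excerpt of the ndrdump output above.

```python
import re

# Excerpt of the ndrdump output above: only the three fields the message questions.
SAMPLE_DUMP = """\
                    status                   : FRSRPC_CO_STATUS_REMOTE_CO_STAGING_STARTED (0x6)
                    partern_ack_sequence_number: 0x000001a2 (418)
                    ack_version              : 0x01cc6d3937ecfec6 (129598581805743814)
"""

# Matches "name : 0xHEX (dec)" and "name : ENUM_NAME (0xHEX or dec)". Bit-flag lines
# such as "0: FRSRPC_CO_FLAG_RETRY", GUIDs, SIDs and strings are skipped.
FIELD_RE = re.compile(
    r"\b(?P<name>[A-Za-z_]\w*)[ \t]*:[ \t]*"
    r"(?:(?P<num>0x[0-9a-fA-F]+)[ \t]*\(\d+\)"
    r"|[A-Z][A-Z0-9_]*[ \t]*\((?P<enum>0x[0-9a-fA-F]+|\d+)\))"
)

# Values required by the text of 3.3.4.4.7 as quoted in the message.
# Mapping the spec's "State" to the dump's "status" is an assumption.
REQUIREMENTS = {
    "status": ({1, 5}, "State MUST be 5 (initial sync) or 1 (normal sync)"),
    "partern_ack_sequence_number": ({0}, "PartnerAckSeqNumber MUST be set to 0"),
    "ack_version": ({0}, "AckVersion MUST be set to 0"),
}


def parse_fields(dump_text):
    """Return {field name: [values in order of appearance]} for numeric and enum fields."""
    fields = {}
    for m in FIELD_RE.finditer(dump_text):
        raw = m.group("num") or m.group("enum")
        fields.setdefault(m.group("name"), []).append(int(raw, 0))
    return fields


def check_stage_header(dump_text):
    """Return (field, observed value, violated rule) for each deviation from the quoted text."""
    fields = parse_fields(dump_text)
    findings = []
    for name, (allowed, rule) in REQUIREMENTS.items():
        values = fields.get(name)
        if not values:
            findings.append((name, None, "field missing from dump"))
        elif values[0] not in allowed:
            findings.append((name, values[0], rule))
    return findings


if __name__ == "__main__":
    for name, value, rule in check_stage_header(SAMPLE_DUMP):
        print(f"{name} = {value}: {rule}")
```

Because the regular expression scans the whole text rather than one field per line, it also works on dumps where several fields have been run together on a single line.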
