Server Message Block

• the SMB protocol specification
• the "server" and "workstation" services that implement the protocol on Windows
• the Network Neighborhood " protocols which primarily (but not exclusively) run as datagram services directly on the

Contents

• 1 History
• 2 Implementation
  • 2.1 Client-server approach
  • 2.2 Performance issues
    • 2.2.1 NetBIOS
    • 2.2.2 WAN performance
    • 2.4.1 Batch Locks
    • 2.4.2 Exclusive Locks
    • 2.4.3 Level 2 OpLocks
    • 2.4.4 Breaks
    • 3.1 SMB 2.1

    History [ ]

    IBM with the aim of turning DOS " LAN Manager product which it had started developing for OS/2 with Windows for Workgroups (circa 1992) and in later versions of Windows.

    SMB was originally designed to run on top of the NBF , NetBIOS over Windows 2000, SMB runs by default directly on top of TCP — a feature known as "direct host SMB" where the server service listens on TCP port 445. [2]

    At around the time when Sun Microsystems announced [3] , Microsoft launched an initiative in [ citation needed ] ), and added more features, including support for Internet-Drafts to the [4] though these submissions have expired.

    Because of the importance of the SMB protocol in interacting with the widespread Microsoft Windows platform, coupled with the heavily modified nature of the SMB implementation present in that platform, the Implementation [ ]

    Client-server approach [ ]

    SMB works through a file server ; but some other sections of the SMB protocol specialize in authentication at the very least. Almost all implementations of SMB servers use NT Domain authentication to validate user-access to resources.

    Performance issues [ ]

    NetBIOS [ ]

    The use of the SMB protocol has often correlated with a significant increase in unswitched network as the number of hosts increases. The implementation of name resolution infrastructure in the form of Dynamic DNS now configured as the default name resolution protocol for all Windows operating systems. Resolution of (short) NETBIOS names by DNS requires that DNS "guess" the fully qualified name, usually using a connection-specific DNS Suffix. WINS can still be configured as a secondary name resolution protocol for interoperability with legacy Windows environments and applications. Further, Microsoft DNS servers can forward name resolution requests to legacy WINS servers in order to support name resolution integration with legacy (pre-Windows 2000) environments that do not support DNS.

    WAN performance [ ]

    [5] For example, a VPN connection over the Internet will often introduce network latency. Microsoft has explained that performance issues come about primarily because SMB 1.0 is a block-level rather than a [6] Solutions to this problem include the updated SMB 2.0 protocol, TCP window scaling and [7] .

    Microsoft's modifications [ ]

    Microsoft added several extensions to its own SMB implementation. For example, it added [8] Later, [9] (subsequently lifted in 1996 when President Bill Clinton signed Executive order 13026 [10] ). Opportunistic locking support has changed with each server release.

    Opportunistic locking [ ]

    In the SMB protocol, opportunistic locking is a locks , OpLocks are not used in order to provide mutual exclusion. The main goal of OpLocks is to provide synchronization for caching. There are 3 types of opportunistic locks:

    Batch Locks [ ]

    Batch OpLocks were created originally to support a particular behavior of MS-DOS batch file execution operation in which the file is opened and closed many times in a short period. This is an obvious performance problem. To solve this, a client may ask for a OpLock of type "batch". In this case, the client delays sending the close request and if a subsequent open request is given, the two requests cancel each other.

    Exclusive Locks [ ]

    When an application opens in "shared mode" a file hosted on an SMB server which is not opened by any other process (or other clients) the client receives an exclusive OpLock from the server. This means that the client may now assume that it is the only process with access to this particular file, and the client may now cache all changes to the file before committing it to the server. This is an obvious performance boost, since fewer round-trips are required in order to read and write to the file. If another client/process tries to open the same file, the server sends a message to the client (called a break or revocation) which invalidates the exclusive lock previously given to the client. The client then flushes all changes to the file.

    Level 2 OpLocks [ ]

    If an exclusive OpLock is held by a client and a locked file is opened by a third party, the client has to relinquish its exclusive OpLock to allow the other client's write/read access. A client may then receive a "Level 2 OpLock" from the server. A Level 2 OpLock allows the caching of read requests but excludes write caching.

    Breaks [ ]

    In contrast with the SMB protocol's "standard" behavior, a break request may be sent from server to client. It informs the client that an OpLock is no longer valid. This happens, for example, when another client wishes to open a file in a way that invalidates the OpLock. The first client is then sent an OpLock break and required to send all its local changes (in case of batch or exclusive OpLocks), if any, and acknowledge the OpLock break. Upon this acknowledgment the server can reply to the second client in a consistent manner.

    SMB2 [ ]

    Microsoft introduced a new version of the Server Message Block (SMB) protocol ( Windows Vista in 2006. [11] Although the protocol is proprietary, its specification has been published to allow other systems to interoperate with Microsoft operating systems that use the new protocol. [12]

    SMB2 reduces the 'chattiness' of the protocol by reducing the number of commands and subcommands from over a hundred to just nineteen. [13] It has mechanisms for [5] SMB1 also has a compounding mechanism — known as AndX — to compound multiple actions, but Microsoft clients rarely use AndX.

    SMB2 supports larger buffer-sizes, which can provide better performance with large file-transfers and better use of faster networks. [5]

    It also introduces the notion of "durable file handles": these allow a connection to an SMB server to survive brief network-outages, such as may occur in a wireless network, without having to incur the overhead of negotiating a new session.

    SMB2 includes support for [5] The SMB1 protocol uses 16-bit data sizes, which amongst other things, limits the maximum block size to 64K. SMB2 uses 32 or 64-bit wide storage fields, and 128 bits in the case of file-handles , thereby removing previous constraints on data sizes.

    Windows Vista and later operating systems use SMB2 when communicating with other machines running Windows Vista or later. SMB1 continues in use for connections with older versions of Windows, as well as systems like Samba and various vendors' [14]

    SMB2 brings two substantial benefits to Microsoft:

    1. clearer intellectual-property ownership. SMB1, originally designed by IBM, became part of a wide variety of non-Windows operating systems such as Xenix, OS/2 and http://ubiqx.org/cifs/Intro.html for historical detail).
    2. a relatively clean break with the past. Microsoft's SMB1 code has to work with a huge variety of SMB clients and servers. A large number of items in the protocol remain optional (such as short and long filenames). SMB1 features many levels of information for commands (selecting what structure to return for a particular request). SMB1 added [update] involving only other Windows Vista clients and servers). SMB2 code has considerably less complexity since far less variability exists (for example, non-Unicode code paths become redundant as SMB2 requires Unicode support).

    SMB 2.1 [ ]

    SMB 2.1, introduced with Windows 7 and Server 2008 R2, introduced further performance enhancements with a new opportunistic locking mechanism. [15]

    Points of interest [ ]

    The SMB "Inter-Process Communication" (IPC) system provides [ clarification needed ] first connected to an SMB server. [ citation needed ]

    Some services that operate over named pipes, such as those which use Microsoft's own implementation of MSRPC over SMB, also allow MSRPC client programs to perform authentication, which over-rides the authorization provided by the SMB server, but only in the context of the MSRPC client program that successfully makes the additional authentication.

    Since Windows domain controllers use SMB to transmit policies at login, they have packet- signing enabled by default to prevent [16] The design of [ citation needed ] to mitigate this performance-limitation by coalescing SMB signals into single packets.

    Over the years, there have been many security vulnerabilities in Microsoft's implementation of the protocol or components that it directly relies on, [17] [18] [19] with the most recent vulnerability involving the SMB2 implementation. [20]

    Specifications for SMB and SMB2 Protocols [ ]

    The specifications for the SMB and SMB2 procotols are available for free download from Microsoft's MSDN Open Protocol Site

    There are a number of specifications that are relevant to the SMB protocol:

    MS-CIFS is a recent replacement (2007) for the draft-leach-cifs-v1-spec-02.txt a document widely used to implement SMB clients, but also known to have errors of omission and commission

    • [3] Specification for Microsoft Extensions to [4] Specification for the SMB 2 protocol
    • [5] Describes the intended functionality of the Windows File Access Services System, how it interacts with systems and applications that need file services, and how it interacts with administrative clients to configure and manage the system.

    Versions and implementations [ ]

    The list below explicitly refers to "SMB" as including an SMB client or an SMB server, plus the various protocols that extend SMB, such as the Network Neighborhood suite of protocols and the NT Domains suite. For simplicity and conciseness and vagueness, however, the list omits mention of the extent or completeness of the reimplementation or porting status for any of these implementations, "lumping" them all together simply as "SMB".

    • agorum core , open source enterprise content management system with fully integrated CIFS-Server for accessing documents.
    • neighborhood ") through fuse kernel module and its Novell NetWare version 6 and newer has a CIFS server implementation providing access to NetWare volumes for Microsoft Network clients.
    • Mac OS X include SMB client implementations called smbfs, originally derived from the FreeBSD smbfs; they use the NetBSD and OS X VFS.
    • Solaris has a project called CIFS client for Solaris, based on the Mac OS X smbfs.
    • OpenSolaris added in-kernel CIFS server support in October 2007.
    • Sun Microsystems [citation needed] carried out by Microsoft itself) has caused any vendor sub-licensing it significant grief. [citation needed]
    • SCO has a port of SCO also has VisionFS , a Microsoft-independent re-implementation of SMB developed through reference to Samba source code. [citation needed]
    • file-system JCIFS offers an implementation of an SMB client in Java
    • RTSMB, a CIFS/SMB implementation written in ANSI C. EBS designed RTSMB from scratch, independently of MS or SAMBA design reference, to run in Visuality Systems NQ CIFS, a CIFS (SMB) server and client solution for embedded devices — ported to many popular real-time operating systems (RTOSs)
    • Flash Files has an SMB server implementation.
    • Some See also [ ]

    • Administrative share
    • References [ ]
    1. ↑"Microsoft SMB Protocol and CIFS Protocol Overview". Microsoft. 2009-10-22 . Retrieved 2009-11-01 .
    2. ↑"Direct hosting of SMB over TCP/IP". Microsoft. 2007-10-11 . Retrieved 2009-11-01 .
    3. ↑YANFS yet another nfs
    4. ↑ * Common Internet File System Protocol (CIFS/1.0)
       • CIFS Logon and Pass Through Authentication
       • CIFS/E Browser Protocol
       • CIFS Printing Specification
       • CIFS Remote Administration Protocol
       • A Common Internet File System (CIFS/1.0) Protocol
    5. ↑ 5.05.15.25.3 Jose Barreto (2008-12-09). "SMB2, a Complete Redesign of the Main Remote File Protocol for Windows". Microsoft . Retrieved 2009-11-01 .
    6. ↑ Neil Carpenter (2004-10-26). "SMB/CIFS Performance Over WAN Links". Microsoft . Retrieved 2009-11-01 .
    7. ↑ Mark Rabinovich, Igor Gokhman. "CIFS Acceleration Techniques". Storage Developer Conference, SNIA, Santa Clara 2009.
    8. ↑ Christopher Hertel (1999). "SMB: The Server Message Block Protocol" . Retrieved 2009-11-01 .
    9. ↑"Description of Microsoft Windows Encryption Pack 1". Microsoft. 2006-11-01 . Retrieved 2009-11-01 .
    10. ↑"US Executive order 13026". . Retrieved 2009-11-01 .
    11. ↑ Navjot Virk and Prashanth Prahalad (March 10, 2006). "What's new in SMB in Windows Vista". Chk Your Dsks. MSDN . Retrieved 2006-05-01 .
    12. ↑"(MS-SMB2): Server Message Block (SMB) Version 2 Protocol Specification". Microsoft. 2009-09-25 . Retrieved 2009-11-01 .
    13. ↑ Cite error: Invalid tag; no text was provided for refs named name=
    14. ↑ Andrew Tridgell (September 12, 2006). "Exploring the SMB2 protocol" (PDF).
    15. ↑"Implementing an End-User Data Centralization Solution". Microsoft. 2009-10-21. pp. 10–11 . Retrieved 2009-11-02 .
    16. ↑"Overview of Server Message Block signing". Microsoft. 2007-11-30 . Retrieved 2009-11-01 .
    17. ↑"MS02-070: Flaw in SMB Signing May Permit Group Policy to Be Modified". Microsoft. 2007-12-01 . Retrieved 2009-11-01 .
    18. ↑"MS09-001: Vulnerabilities in SMB could allow remote code execution". Microsoft. 2009-01-13 . Retrieved 2009-11-01 .
    19. ↑"MS08-068: Vulnerability in SMB could allow remote code execution". Microsoft. 2009-02-26 . Retrieved 2009-11-01 .
    20. ↑"MS09-050: Vulnerabilities in SMB could allow remote code execution". Microsoft. 2009-10-13 . Retrieved 2009-02-26 .

    External links [ ]

    • Hertel, Christopher (2003). Implementing CIFS — The Common Internet FileSystem. Prentice Hall. ISBN 0-13-047116-X. (Text licensed under the Technical details about SMB/CIFS
    • Common Internet File System (CIFS) File Access Protocol - Technical details from Microsoft Corporation
    • the NT LM 0.12 dialect of SMB. In Microsoft Word format
    • Samba development information
    • Introduction to the Common Internet File System (CIFS): Leverage the Power of this Popular Network File Sharing Protocol Online introduction to CIFS: Lecture/blog by Ron Fredericks
    • Zechner, Anton (2007). "Source-code of a free SMB server for small embedded systems"

    
    cs:Server Message Block eu:Server Message Block ko:서버 메시지 블록 ja:Server Message Block pt:Server Message Block sv:Server Message Block