You might notice, upon careful examination, that the client does not send back a MaxRawSize value. These SMBs are considered obsolete, so newer clients really shouldn't be using them. It does seem as though there's a good deal of cruft in the SMB protocol. The SessionKey , for example, appears to be a vestigial organ, the purpose of which has been mostly forgotten.
Originally, such fields may have been intended to compensate for a limitation in a specific transport or an older implementation, or to solve some other problem that isn't a problem any more. PS , for instance. So, to avoid congestion, the redirector could create additional connections to facilitate faster transfers for individual processes.
In particular, see the definition of a VC on page 2, and the description of the "Virtual Circuit Environment" in Section 4. Process 11 has the use of virtual circuit number 1 VC 1.
That's how the new VC is bound to the existing logical session. The mystery of the SessionKey field is finally revealed. Kind of a let-down, isn't it? Whenever a new transport-layer connection is created, the client is supposed to assign a new VC number.
Note that the VcNumber on the initial connection is expected to be zero to indicate that the client is starting from scratch and is creating a new logical session. If an additional VC is given a VcNumber of zero, the server may assume that any existing connections with that same client are now bogus , and shut them down.
The zero VcNumber is the client's signal to the server to clean up old connections. Reasonable or not, that's the logic behind it. Unfortunately, it turns out that there are some annoying side-effects that result from this behavior.
It is possible, for example, for one rogue application to completely disrupt SMB filesharing on a system simply by sending Session Setup requests with a zero VcNumber. Connecting to a server through a NAT N etwork A ddress T ranslation gateway is also problematic , since the NAT makes multiple clients appear to be a single client by placing them all behind the same IP address.
The biggest problem with virtual circuits, however, is that they are not really needed any more if, in fact, they ever were. As a result, they are handled inconsistently by various implementations and are not entirely to be trusted. On the client-side, the best thing to do is to ignore the concept and view each transport connection as a separate logical session, one VC per session. Another important note is that the server should not disconnect existing VCs upon receipt of a new VC with a zero VcNumber.
As described above, doing so is impractical and may break things. The server should let the transport layer detect and report session disconnects. At most, a zero VcNumber might be a good excuse to send a keep- alive packet. Remember a little while back when we said that there were subtle variations within SMB dialects? Well, some of them are not all that subtle once you get to know them.
The Capabilities bits formalize several such variations by letting the client and server negotiate which special features will be supported. The table below provides a listing of the capabilities defined for servers. The client set is smaller. If set, this bit indicates that the server can compress Data blocks before sending them. Currently, however, there are no known implementations that support bulk transfer.
Samba does not even bother to define constants for these capabilities. Microsoft reserved this bit based on a proposal by Byron Deadwiler at Hewlett-Packard for a small set of Unix extensions. The SNIA doc describes these extensions in an appendix. Note, however, that the proposal was made and the appendix written before the extensions were widely implemented.
The theoretical maximum is 64 Kbytes, but the client should never request more data than it can receive. In testing, NT 4. If the value of this field is one, then the user attempted to log in as a user other than Guest, but could not be authenticated for that account. Using a fallback mechanism on the server, the user is now logged in as Guest. Otherwise, Server. The server follows the steps as specified in section 3.
SessionKeyState to Unavailable. AuthenticationState as Expired when the time-out occurs, as specified in 3. Skip to main content. This browser is no longer supported. Download Microsoft Edge More info. ServerCapabilities is not set, then the client processes the response. The connection MUST remain open for the client to attempt another authentication.
If the Client. SessionKey to the returned value. If authentication has completed successfully, Client. To determine whether signing is required to be active, the user security context that completed authentication is verified. Anonymous authentication is indicated by the fact that no credentials are provided. Once these steps are completed, the client MUST verify the signature of this response.
The client follows the steps specified in section 3.
0コメント