188.8.131.52.3.1 Application Requests Reauthenticating a User
It is possible that the server indicates that authentication has expired, as specified in sections 184.108.40.206 and 220.127.116.11, or the application or the client itself requests that an existing session be reauthenticated. In either case, the client MUST issue a subsequent session setup request for the SessionId of the session being reauthenticated. The application SHOULD NOT issue new requests until the reauthentication succeeds.
The client MAY<109> either:
In either case, it initializes the GSS authentication protocol with the MutualAuth and Delegate options. In addition, the client MUST also set the GSS_C_FRAGMENT_TO_FIT parameter as specified in [MS-SPNG] section 3.3.1. The GSS-API output token is up to a size limit determined by local policy<110> when GSS_C_FRAGMENT_TO_FIT is set.
If the GSS authentication protocol returns an error, the reauthentication attempt MUST be aborted, and the error MUST be returned to the higher-level application.
The Command field MUST be set to SMB2 SESSION_SETUP.
The MessageId field is set as specified in section 18.104.22.168.3.
The SessionId field MUST be set to the Session.SessionId for the session being reauthenticated.
The SMB2 SESSION_SETUP Request MUST be initialized as follows:
If RequireMessageSigning is TRUE, the client MUST set the SMB2_NEGOTIATE_SIGNING_REQUIRED bit in the SecurityMode field.
If RequireMessageSigning is FALSE, the client MUST set the SMB2_NEGOTIATE_SIGNING_ENABLED bit in the SecurityMode field.
The Flags field MUST be set to 0.
The PreviousSessionId field MUST be set to 0.
The GSS output token is copied into the Buffer field in the request. The client MUST set SecurityBufferOffset and SecurityBufferLength to describe the location and length of the GSS output token in the request.
This request MUST be sent to the server.
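The field rules above can be exercised in code. The following Python sketch is an added example, not part of the specification: it lays out a reauthentication SESSION_SETUP request and checks a captured request against the rules in this section. The function names, the credit values, the zeroed Capabilities and Signature fields, and the sample SessionId and token are assumptions made for illustration.

```python
import struct

SMB2_SESSION_SETUP = 0x0001
SIGNING_ENABLED, SIGNING_REQUIRED = 0x01, 0x02   # SecurityMode bits
HDR = struct.Struct("<4sHHIHHIIQIIQ16s")   # 64-byte SMB2 header (sync form)
BODY = struct.Struct("<HBBIIHHQ")          # 24 fixed bytes before Buffer


def build_reauth_request(session_id, message_id, gss_token, require_signing):
    """Lay out header, fixed body and GSS token for a reauthentication."""
    mode = SIGNING_REQUIRED if require_signing else SIGNING_ENABLED
    # Assumptions: CreditCharge 0, CreditRequest 1, Capabilities 0, Channel 0,
    # Signature left zeroed (signing is not performed here).
    header = HDR.pack(b"\xfeSMB", 64, 0, 0, SMB2_SESSION_SETUP, 1, 0, 0,
                      message_id, 0, 0, session_id, bytes(16))
    body = BODY.pack(25, 0, mode, 0, 0, HDR.size + BODY.size,
                     len(gss_token), 0)   # Flags = 0, PreviousSessionId = 0
    return header + body + gss_token


def check_reauth_request(packet, session_id, require_signing):
    """Return the rules from this section that a captured request violates."""
    if len(packet) < HDR.size + BODY.size:
        return ["truncated request"]
    hdr = HDR.unpack_from(packet)
    _, flags, mode, _, _, off, length, prev = BODY.unpack_from(packet, HDR.size)
    want = SIGNING_REQUIRED if require_signing else SIGNING_ENABLED
    problems = []
    if hdr[0] != b"\xfeSMB" or hdr[4] != SMB2_SESSION_SETUP:
        problems.append("Command is not SMB2 SESSION_SETUP")
    if hdr[11] != session_id:
        problems.append("SessionId does not match the session")
    if not mode & want:
        problems.append("SecurityMode lacks the expected signing bit")
    if flags != 0:
        problems.append("Flags is not 0")
    if prev != 0:
        problems.append("PreviousSessionId is not 0")
    if length == 0 or off < HDR.size + BODY.size or off + length > len(packet):
        problems.append("security buffer does not describe the GSS token")
    return problems


# Constructed sample values, not taken from a real capture.
SAMPLE = build_reauth_request(0x0000040000000011, 7, b"\x60\x0aconstructed", True)
```

SecurityBufferOffset is measured from the start of the SMB2 header, so with no padding the token begins at byte 88 (64-byte header plus 24 fixed body bytes).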