
3.3.5.7 Receiving an SMB2 TREE_CONNECT Request

When the server receives a request with an SMB2 header with a Command value equal to SMB2 TREE_CONNECT, message handling proceeds as follows:

The server MUST locate the authenticated session, as specified in section 3.3.5.2.9.

If Connection.Dialect is "3.1.1" and Session.IsAnonymous and Session.IsGuest are set to FALSE and the request is not signed or not encrypted, then the server MUST disconnect the connection.

The server MUST parse the Buffer field as specified in [MS-DTYP] section 2.2.49 to extract the hostname and sharename components. If the Buffer field is not in the format specified in section 2.2.9, the server MUST fail the request with STATUS_INVALID_PARAMETER. Otherwise, the server MUST provide the tuple <hostname, sharename> parsed from the request message to invoke the event specified in [MS-SRVS] section 3.1.6.8, to normalize the hostname by resolving server aliases and evaluating share scope. The server MUST use <normalized hostname, sharename> to look up the Share in ShareList. If no share with a matching share name and server name is found, the server MUST fail the request with STATUS_BAD_NETWORK_NAME. If a share is found, the server MUST do the following:

If Share.Type includes STYPE_CLUSTER_FS, STYPE_CLUSTER_SOFS, or STYPE_CLUSTER_DFS, Connection.Dialect is greater than MaxClusterDialect, and SMB2_SHAREFLAG_CLUSTER_RECONNECT is not set in the Flags/Reserved field, the server MUST fail the request with STATUS_SMB_BAD_CLUSTER_DIALECT (0xC05D0001). If Connection.Dialect is SMB 3.1.1, the server MUST return error data as specified in section 2.2.2 with ByteCount set to 10, ErrorContextCount set to 1, and ErrorData set to an SMB2 ERROR Context response formatted with ErrorDataLength set to 2, ErrorId set to 0, and ErrorData set to MaxClusterDialect; otherwise, the server MUST return error data as specified in section 2.2.2 with ByteCount set to 2 and ErrorContextData set to MaxClusterDialect.

If the server implements the SMB 3.x dialect family, EncryptData or Share.EncryptData is TRUE, RejectUnencryptedAccess is TRUE, and Connection.ServerCapabilities does not include SMB2_GLOBAL_CAP_ENCRYPTION, the server MUST fail the request with STATUS_ACCESS_DENIED.

The server MUST determine whether the user represented by Session.SecurityContext is granted access based on the authorization policy specified in Share.ConnectSecurity. If the server determines that access is not granted, the server MUST fail the request with STATUS_ACCESS_DENIED.

The server MUST provide the tuple <hostname, sharename> to invoke the event specified in [MS-SRVS] section 3.1.6.15 to get the total number of current uses of the share. If the total number of current uses is equal to or greater than Share.MaxUses, the server MUST fail the request with STATUS_REQUEST_NOT_ACCEPTED.
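The request checks above, in the order this section gives them, as an added Python model (not part of the specification or of any server's code). Assumptions: "not signed or not encrypted" is read as neither signed nor encrypted, access is refused when Share.ConnectSecurity does not grant it, alias resolution and ConnectSecurity are reduced to a case-fold and a set of user names, the server implements SMB 3.x, and the cluster-dialect check is left out.

```python
from dataclasses import dataclass

@dataclass
class Share:                       # subset of per-share state used by the checks
    encrypt_data: bool = False     # Share.EncryptData
    max_uses: int = 0xFFFFFFFF     # Share.MaxUses
    current_uses: int = 0
    connect_allowed: frozenset = frozenset()  # hypothetical stand-in for Share.ConnectSecurity

@dataclass
class Request:
    dialect: str                   # Connection.Dialect, e.g. "3.1.1"
    path: str                      # Buffer field, e.g. r"\\srv1\data"
    user: str = ""
    is_anonymous: bool = False
    is_guest: bool = False
    signed: bool = False
    encrypted: bool = False
    cap_encryption: bool = False   # SMB2_GLOBAL_CAP_ENCRYPTION in Connection.ServerCapabilities

def check_tree_connect(req, share_list, encrypt_data=False, reject_unencrypted=True):
    """Return 'DISCONNECT' or the NTSTATUS name the checks produce."""
    authenticated = not (req.is_anonymous or req.is_guest)
    if req.dialect == "3.1.1" and authenticated and not (req.signed or req.encrypted):
        return "DISCONNECT"
    parts = req.path.split("\\")   # r"\\host\share" -> ['', '', host, share]
    if len(parts) != 4 or parts[0] or parts[1] or not parts[2] or not parts[3]:
        return "STATUS_INVALID_PARAMETER"
    key = (parts[2].lower(), parts[3].lower())   # normalization reduced to case-folding
    share = share_list.get(key)
    if share is None:
        return "STATUS_BAD_NETWORK_NAME"
    if (encrypt_data or share.encrypt_data) and reject_unencrypted and not req.cap_encryption:
        return "STATUS_ACCESS_DENIED"
    if req.user not in share.connect_allowed:
        return "STATUS_ACCESS_DENIED"
    if share.current_uses >= share.max_uses:
        return "STATUS_REQUEST_NOT_ACCEPTED"
    return "STATUS_SUCCESS"

# Constructed sample state, not taken from any real server.
SHARES = {
    ("srv1", "data"): Share(encrypt_data=True, connect_allowed=frozenset({"alice"})),
    ("srv1", "full"): Share(max_uses=1, current_uses=1, connect_allowed=frozenset({"alice"})),
}
```

A connection that negotiated SMB 2.1 never carries SMB2_GLOBAL_CAP_ENCRYPTION, so with RejectUnencryptedAccess set it is refused on an encrypted share before the ConnectSecurity check runs.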

The server MUST allocate a tree connect object and insert it into Session.TreeConnectTable. The server MUST provide the tuple <hostname, sharename> and MUST register TreeConnect by invoking the event specified in [MS-SRVS] section 3.1.6.6 and assign the return value to TreeConnect.TreeGlobalId. The other initial values MUST be set as follows:

  • TreeConnect.TreeId MUST be set to a value generated to uniquely identify this tree connect in the Session.TreeConnectTable. The SMB2 server MUST reserve -1 for invalid TreeId.

  • TreeConnect.Session MUST be set to the session found on the SessionId lookup.

  • TreeConnect.Share MUST be set to the share found on the lookup.

  • TreeConnect.OpenCount MUST be set to 0.

  • TreeConnect.CreationTime MUST be set to current time.

  • TreeConnect.Share.CurrentUses MUST be increased by 1.

The SMB2 TREE_CONNECT response MUST be constructed following the syntax specified in section 2.2.10, as described here:

  • ShareFlags MUST be set based on the individual share properties (Share.CscFlags, Share.DoAccessBasedDirectoryEnumeration, Share.AllowNamespaceCaching, Share.ForceSharedDelete, Share.RestrictExclusiveOpens, Share.HashEnabled, Share.ForceLevel2Oplock, Share.IsDfs, Share.EncryptData).

    • The server MUST set all flags contained in Share.CscFlags.

    • The server SHOULD<240> set the SMB2_SHAREFLAG_DFS bit if the per-share property Share.IsDfs is TRUE, indicating that the share is part of a DFS namespace.

    • The server SHOULD<241> set the SMB2_SHAREFLAG_DFS_ROOT bit if the per-share property Share.IsDfs is TRUE, indicating that the share is part of a DFS namespace.

    • The server MUST set the SMB2_SHAREFLAG_ACCESS_BASED_DIRECTORY_ENUM bit if Share.DoAccessBasedDirectoryEnumeration is TRUE and ServerHashLevel is not HashDisableAll.

    • The server MUST set the SMB2_SHAREFLAG_ALLOW_NAMESPACE_CACHING bit if Share.AllowNamespaceCaching is TRUE.

    • The server MUST set the SMB2_SHAREFLAG_FORCE_SHARED_DELETE bit if Share.ForceSharedDelete is TRUE.

    • The server MUST set the SMB2_SHAREFLAG_RESTRICT_EXCLUSIVE_OPENS bit if Share.RestrictExclusiveOpens is TRUE.

    • If Connection.Dialect belongs to the SMB 3.x dialect family, and Share.EncryptData is TRUE, the server MUST do the following:

      • Set the SMB2_SHAREFLAG_ENCRYPT_DATA bit.

    • If Share.HashEnabled is TRUE and ServerHashLevel is not HashDisableAll:

      • If Connection.Dialect belongs to the SMB 3.x dialect family, the server MUST set the SMB2_SHAREFLAG_ENABLE_HASH_V1 and SMB2_SHAREFLAG_ENABLE_HASH_V2 bits in an implementation-specific manner.<242>

      • Otherwise, it SHOULD<243> set the SMB2_SHAREFLAG_ENABLE_HASH_V1 bit.

    • The server MUST set the SMB2_SHAREFLAG_FORCE_LEVELII_OPLOCK bit if Share.ForceLevel2Oplock is TRUE.

  • ShareType MUST be set based on the resource being shared, as indicated by Share.Type:

    • If this share provides access to named pipes, as indicated by resource type STYPE_IPC, ShareType MUST be set to SMB2_SHARE_TYPE_PIPE.

    • If this share provides access to a printer, as indicated by the resource type STYPE_PRINTQ, ShareType MUST be set to SMB2_SHARE_TYPE_PRINT.

    • Otherwise, ShareType MUST be set to SMB2_SHARE_TYPE_DISK.

  • If Share.IsDfs is TRUE, the server MUST set the SMB2_SHARE_CAP_DFS bit in the Capabilities field.

  • If Connection.Dialect belongs to the SMB 3.x dialect family and Share.IsCA is TRUE, the server MUST set the SMB2_SHARE_CAP_CONTINUOUS_AVAILABILITY bit in the Capabilities field.

  • If Connection.Dialect belongs to the SMB 3.x dialect family and TreeConnect.Share.Type includes STYPE_CLUSTER_SOFS, the server MUST set the SMB2_SHARE_CAP_SCALEOUT bit in the Capabilities field.

  • If Connection.Dialect belongs to the SMB 3.x dialect family and TreeConnect.Share.Type includes STYPE_CLUSTER_FS, STYPE_CLUSTER_SOFS, or STYPE_CLUSTER_DFS, the server MUST set the SMB2_SHARE_CAP_CLUSTER bit in the Capabilities field.

  • If Connection.Dialect is "3.0.2" or "3.1.1" and TreeConnect.Share.Type includes STYPE_CLUSTER_SOFS, the server SHOULD<244> set the SMB2_SHARE_CAP_ASYMMETRIC bit in the Capabilities field in an implementation-specific manner.

  • MaximalAccess MUST be set to the highest access the user described by Session.SecurityContext would have when accessing resources underneath the security descriptor Share.FileSecurity. The server MUST set TreeConnect.MaximalAccess to MaximalAccess.

The response MUST then be sent to the client.
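How the dialect changes what a share advertises, as an added Python sketch (not part of the specification) that derives ShareType, ShareFlags and Capabilities from share properties and packs the 16-byte response body of section 2.2.10. Assumptions: share properties are passed as a plain dict, both DFS SHOULD bits are set, and the bits the page conditions on ServerHashLevel plus SMB2_SHARE_CAP_ASYMMETRIC are left out.

```python
import struct

# Bit values from MS-SMB2 section 2.2.10.
F_DFS, F_DFS_ROOT = 0x0001, 0x0002
F_RESTRICT_EXCLUSIVE_OPENS, F_FORCE_SHARED_DELETE = 0x0100, 0x0200
F_ALLOW_NAMESPACE_CACHING, F_FORCE_LEVELII_OPLOCK = 0x0400, 0x1000
F_ENCRYPT_DATA = 0x8000
CAP_DFS, CAP_CA, CAP_SCALEOUT, CAP_CLUSTER = 0x08, 0x10, 0x20, 0x40
TYPE_DISK, TYPE_PIPE, TYPE_PRINT = 0x01, 0x02, 0x03
# Share.Type values from MS-SRVS; the low byte holds the resource type.
STYPE_PRINTQ, STYPE_IPC = 0x1, 0x3
STYPE_CLUSTER_FS, STYPE_CLUSTER_SOFS, STYPE_CLUSTER_DFS = 0x02000000, 0x04000000, 0x08000000

def build_tree_connect_response(dialect, share, maximal_access):
    """Pack the 16-byte response body from a dict of Share properties."""
    smb3 = dialect.startswith("3.")
    stype = share.get("Type", 0)
    flags = share.get("CscFlags", 0)
    for prop, bit in (("IsDfs", F_DFS | F_DFS_ROOT),
                      ("AllowNamespaceCaching", F_ALLOW_NAMESPACE_CACHING),
                      ("ForceSharedDelete", F_FORCE_SHARED_DELETE),
                      ("RestrictExclusiveOpens", F_RESTRICT_EXCLUSIVE_OPENS),
                      ("ForceLevel2Oplock", F_FORCE_LEVELII_OPLOCK)):
        if share.get(prop):
            flags |= bit
    if smb3 and share.get("EncryptData"):
        flags |= F_ENCRYPT_DATA          # never advertised on a 2.x connection
    share_type = {STYPE_IPC: TYPE_PIPE, STYPE_PRINTQ: TYPE_PRINT}.get(stype & 0xFF, TYPE_DISK)
    caps = CAP_DFS if share.get("IsDfs") else 0
    if smb3 and share.get("IsCA"):
        caps |= CAP_CA
    if smb3 and stype & STYPE_CLUSTER_SOFS:
        caps |= CAP_SCALEOUT
    if smb3 and stype & (STYPE_CLUSTER_FS | STYPE_CLUSTER_SOFS | STYPE_CLUSTER_DFS):
        caps |= CAP_CLUSTER
    # StructureSize is always 16; the Reserved byte is 0.
    return struct.pack("<HBBIII", 16, share_type, 0, flags, caps, maximal_access)

def parse_tree_connect_response(body):
    """Return (ShareType, ShareFlags, Capabilities, MaximalAccess)."""
    size, share_type, _, flags, caps, access = struct.unpack("<HBBIII", body)
    if size != 16:
        raise ValueError("not a TREE_CONNECT response body")
    return share_type, flags, caps, access

# Constructed sample share: an encrypted, continuously available scale-out share.
SOFS = {"Type": STYPE_CLUSTER_SOFS, "EncryptData": True, "IsCA": True, "ForceSharedDelete": True}
```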

The status code returned by this operation MUST be one of those defined in [MS-ERREF]. Common status codes returned by this operation include:

  • STATUS_SUCCESS

  • STATUS_ACCESS_DENIED

  • STATUS_INSUFFICIENT_RESOURCES

  • STATUS_BAD_NETWORK_NAME

  • STATUS_INVALID_PARAMETER

  • STATUS_USER_SESSION_DELETED

  • STATUS_NETWORK_SESSION_EXPIRED

  • STATUS_SERVER_UNAVAILABLE

© 2016 Microsoft