Partager via


3.2.1.2 Per SMB Connection

Client.Connection: An established SMB connection between the client and the server. The following ADM elements are maintained for each SMB connection established by a client.

Client.Connection.ClientNextSendSequenceNumber: A sequence number for the next signed request being sent.

Client.Connection.ClientResponseSequenceNumber: A list of the expected sequence numbers for the responses of outstanding signed requests, indexed by process identifier (PID) value and Multiplex ID (MID value).

Client.Connection.ConnectionlessSessionID: Only used if the underlying transport is connectionless. This is an SMB Connection identifier: a server-unique identifier for the connection between the client and the server.

Client.Connection.IsSigningActive: A Boolean that indicates whether or not message signing is active for this SMB connection.

Client.Connection.NegotiateSent: A Boolean that indicates whether an SMB_COM_NEGOTIATE request has been sent for this connection.

Client.Connection.NTLMChallenge: A byte array containing the cryptographic challenge received from the server during protocol negotiation. The challenge is returned in the SMB_COM_NEGOTIATE response.

Client.Connection.OpenTable: A list of Opens, as specified in section 3.2.1.5. This list MUST allow lookups based upon the Open.FID.

Client.Connection.PIDMIDList: A list of currently outstanding SMB commands. Each entry MUST include the PID and Multiplex IDs (MIDs) assigned to the request and MUST include a time-out time stamp of when the request was sent. For transaction requests (see section 3.2.4.1.5), each entry MUST include a state variable TransactionState to describe the state of the transaction. Each transaction has three states: TransmittedPrimaryRequest, ReceivedInterimResponse, and TransmittedAllRequests.

The maximum number of entries in the Client.Connection.PIDMIDList is limited to the Client.Connection.MaxMpxCount value. More than Client.Connection.MaxMpxCount commands MUST NOT be outstanding at any given time.

Client.Connection.SearchOpenTable:  A list of SearchOpens, as specified in section 3.2.1.6, representing currently open file searches on the server associated with the SMB connection.

Client.Connection.SelectedDialect: A variable that stores the SMB Protocol dialect selected for use on this connection. Details of dialects prior to NT LAN Manager (NTLM) ("NT LM 0.12") are described in other documents. See the table in section 1.7 for a list of dialects and implementation references.

Client.Connection.ServerCapabilities: The capabilities of the server, as specified in the description of the SMB_COM_NEGOTIATE response, section 2.2.4.52.2. The capabilities indirectly reflect the negotiated dialect for this connection.

Client.Connection.ServerChallengeResponse: A Boolean value that indicates whether or not the server supports challenge/response authentication.

Client.Connection.ServerSessionKey: The session key value returned by the server in the negotiate response.

Client.Connection.ServerMaxBufferSize: The negotiated maximum size, in bytes, for SMB messages sent to the server. This limit applies to all SMB messages sent to the server unless otherwise specified for particular message types.

Client.Connection.MaxMpxCount: The negotiated maximum number of commands that are permitted to be outstanding on a given SMB connection. This value is negotiated between the server and client, and limits the maximum number of entries in the Client.Connection.PIDMIDList.

Client.Connection.ServerName: The name of the server. For NetBIOS-based transports, this is the NetBIOS name of the server. For other transports, this is a transport-specific identifier that provides a unique name or address for the server.

Client.Connection.ServerSigningState: A value that indicates the signing policy of the server. This value is one of Disabled, Enabled, or Required.

Client.Connection.SessionTable: A list of authenticated sessions that have been established on this SMB connection as defined in section 3.2.1.3. It MUST be possible to look up entries by either the UID or the security context of the user that established the session.

Client.Connection.ShareLevelAccessControl: A Boolean that determines whether the target server requires share passwords (share level access control) instead of user accounts (user level access control). Share level and user level access control are mutually exclusive. The server MUST support one or the other, but not both.

Client.Connection.SigningChallengeResponse: A variable-length byte array that contains the challenge response to use for signing, if signing is active. If SMB signing is activated on the connection (Client.Connection.IsSigningActive becomes TRUE), the client response to the server challenge from the first non-null, non-guest session is used for signing all traffic on the SMB connection. The Client.Connection.SigningChallengeResponse is set to one of several possible values:

  • Empty -- If Client.Connection.IsSigningActive is FALSE, no connection signing challenge response is used.

  • LM or LMv2 response -- The response passed from client to server in the OEMPassword field of the SMB_COM_SESSION_SETUP_ANDX request.

  • NTLM or NTLMv2 response -- The response passed from client to server in the UnicodePassword field of the SMB_COM_SESSION_SETUP_ANDX request.

Client.Connection.SigningSessionKey: A variable-length byte array that contains the session key that is used for signing packets, if signing is active.

If SMB signing is activated on the connection (Client.Connection.IsSigningActive becomes TRUE), the session key from the first non-null, non-guest session is used for signing all traffic on the SMB connection. The Client.Connection.SigningSessionKey is set to one of three values:

  • Empty - If Client.Connection.IsSigningActive is FALSE, no connection signing session key is used.

  • LM Session Key - The LM hash, generated from the user's password using the LMOWFv1() function defined in [MS-NLMP] section 3.3.1.

  • NT Session Key - The NTLM hash, generated from the user's password using the NTOWFv1() function defined in [MS-NLMP] section 3.3.1.

Client.Connection.TreeConnectTable: A list of the tree connects over this SMB connection established to shares on the target server, containing the TID for each of the tree connects. It MUST be possible to look up entries either by TID or by share name.