3.3.4.11 Server Application Requests Security Context of the Client

An application running on the server issues a query for the security context of a client, specifying the LocalOpen to a named pipe that has been opened by the SMB2 server on behalf of the remote client.

The server MUST cycle through the entries in the GlobalOpenTable and locate the Open for which Open.LocalOpen matches the provided LocalOpen. If no Open is found, the request MUST be failed with STATUS_OBJECT_NAME_NOT_FOUND.

If Open.Connection is NULL, the request MUST be failed with STATUS_NO_TOKEN.

If Open.TreeConnect.Share.Name is not equal to "IPC$" (indicating that the open is not a named pipe), the request SHOULD be failed with STATUS_ACCESS_DENIED.

If Open.TreeConnect.Session.SecurityContext is NULL, the request MUST be failed with STATUS_NO_TOKEN.

Otherwise, the server MUST return Open.TreeConnect.Session.SecurityContext to the caller.