Query SMB2 SESSION_SETUP Response

  • Question

  • Another query for you good folk. SMB2 spec V20080207 page 32/242
    SessionFlags.

    It states:
    SessionFlags: A flags field that indicates additional information about the session. This field MUST be constructed using the following values:

    SMB2_SESSION_FLAG_IS_GUEST  0x0001
    SMB2_SESSION_FLAG_IS_NULL     0x0002

    I get a value of zero showing in captures. Presumably if the user is a valid domain member then zero is a correct value and indicates an authenticated user? The way it is written implies only a value composed of 0x001 and 0x002 is valid (MUST) but I think 0x000 should also be valid?
    Wednesday, March 12, 2008 3:09 PM

Answers

  • Neil,

    You are entirely correct in your observation regarding allowable values for SessionFlags.

    In addition to these:

    SMB2_SESSION_FLAG_IS_GUEST  0x0001
    SMB2_SESSION_FLAG_IS_NULL     0x0002

    The value may also be 0x0000

    This is because when a user has been authenticated, none of these fields are set and the SessionFlags contains a value of zero.

    Our documentation will be updated to reflect this change.

    Thanks for catching this omission and pointing it out to us.

    Regards,

    Jim Reynolds - MSFT

    Friday, March 14, 2008 9:36 PM
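
An added example, not part of the original thread: a parser that reads SessionFlags from a SESSION_SETUP response and treats 0x0000 as an authenticated session, as the answer above confirms. The header and body field layout, the command code and the response bit are taken from MS-SMB2 rather than from this page, and `build_response` is a hypothetical helper that constructs sample messages.

```python
import struct

# SessionFlags values quoted from the spec in the thread; 0x0000 per the answer.
SMB2_SESSION_FLAG_IS_GUEST = 0x0001
SMB2_SESSION_FLAG_IS_NULL = 0x0002
SMB2_SESSION_SETUP = 0x0001          # Command code (assumption: from MS-SMB2)
SMB2_FLAGS_SERVER_TO_REDIR = 0x0001  # header Flags bit set on responses

# 64-byte SMB2 header: ProtocolId, StructureSize, CreditCharge, Status, Command,
# Credits, Flags, NextCommand, MessageId, Reserved, TreeId, SessionId, Signature
HEADER = struct.Struct("<4sHHIHHIIQIIQ16s")
# Response body: StructureSize (9), SessionFlags, SecurityBufferOffset/Length
BODY = struct.Struct("<HHHH")


def classify_session(msg: bytes) -> str:
    """Classify one SESSION_SETUP response (bytes starting at the SMB2 header)."""
    if len(msg) < HEADER.size + BODY.size:
        raise ValueError("truncated SMB2 message")
    proto, hsize, _, status, command, _, flags, *_ = HEADER.unpack_from(msg)
    if proto != b"\xfeSMB" or hsize != 64:
        raise ValueError("not an SMB2 header")
    if command != SMB2_SESSION_SETUP or not flags & SMB2_FLAGS_SERVER_TO_REDIR:
        raise ValueError("not a SESSION_SETUP response")
    if status != 0:  # e.g. an intermediate leg of the authentication exchange
        raise ValueError(f"session not established, status 0x{status:08x}")
    body_size, session_flags, _, _ = BODY.unpack_from(msg, HEADER.size)
    if body_size != 9:
        raise ValueError("unexpected SESSION_SETUP response StructureSize")
    names = {0x0000: "authenticated",
             SMB2_SESSION_FLAG_IS_GUEST: "guest",
             SMB2_SESSION_FLAG_IS_NULL: "null"}
    # Any other value is reported, not silently treated as authenticated.
    return names.get(session_flags, f"unknown(0x{session_flags:04x})")


def build_response(session_flags: int, status: int = 0) -> bytes:
    """Constructed sample message; not taken from the thread's capture."""
    header = HEADER.pack(b"\xfeSMB", 64, 0, status, SMB2_SESSION_SETUP, 1,
                         SMB2_FLAGS_SERVER_TO_REDIR, 0, 1, 0, 0, 0x1234, bytes(16))
    return header + BODY.pack(9, session_flags, HEADER.size + BODY.size, 0)


if __name__ == "__main__":
    for value in (0x0000, 0x0001, 0x0002, 0x0003):
        print(f"0x{value:04x} -> {classify_session(build_response(value))}")
```

When reviewing captures, the "guest" and "null" results are the ones worth surfacing, since they mark sessions that were not established as an authenticated user.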

All replies

  • Hello,

    Thank you for contacting Microsoft regarding Windows protocol documentation.

    My name is Jim Reynolds and I am the consultant who will work with you and our Microsoft technical teams to resolve this issue.

    If possible, I would like to have the following information:

    1) Could you upload a Netmon or Wireshark network capture file (with frame numbers) that demonstrates the issues mentioned above?

    2) Can you let me know what systems and versions are at each of the endpoints?

    3) What applications are you running to reproduce this with?

    4) Could you please refer to the document by section number and paragraph to avoid any confusion on our part?

    Please ftp your files to our product support site using the procedures that I outlined in the initial response to your MS RAP question.

    Also, could you please post the names of the files that you ftp to us for this issue?

    Regards,

    Jim Reynolds - MSFT

    Microsoft Consulting Services

    Thursday, March 13, 2008 12:33 AM
  • Jim

    I have uploaded 2 netmon captures for you to the ftp site:
    msrap_SV_TYPE_ALL_vistasp_2_vistasp1.cap (Show MS-RAP issue)
    v_2_v_SP1.cap (shows the SMB2 Session setup point)

    Capture of interest here is v_2_v_SP1.cap. Packet 273 shows the setup session request, packet 276 shows the session setup response, which is the packet of interest. Both machines are running Vista with SP1 (but I don't think the SP1 is an issue, I think it is a documentation issue). Both machines are a member of a domain (thetestplace.internal) so the operation is being performed by an authenticated user (relevant to point at issue).

    You will see that the Session Flags are Zero. This makes sense if you read the Netmon flag comments, i.e. an authenticated user is Not a guest user and is Not a NULL user. It just does not correspond with the wording of the SMB2 spec.

    To repeat the spec states:

    SessionFlags: A flags field that indicates additional information about the session. This field MUST be constructed using the following values:

    SMB2_SESSION_FLAG_IS_GUEST  0x0001
    SMB2_SESSION_FLAG_IS_NULL     0x0002

    The SMB2 spec needs an extra entry saying that the value of 0x0 is an authenticated user 

    Regards

    Neil

    Thursday, March 13, 2008 8:46 AM
  • Neil,

    Thanks for the uploaded files. They were transferred successfully.

    I will send the network traces to the appropriate development teams, along with your helpful comments.

    I hope to get back to you soon with our technical response to your questions.

    Regards,

    Jim Reynolds – MSFT

    Thursday, March 13, 2008 8:30 PM