Client Request                     Description
=================================  =================================
UCHAR WordCount;                   Count of parameter words = 4
UCHAR AndXCommand;                 Secondary (X) command; 0xFF = none
UCHAR AndXReserved;                Reserved (must be 0)
USHORT AndXOffset;                 Offset to next command WordCount
USHORT Flags;                      Additional information
                                   bit 0 set = disconnect Tid
USHORT PasswordLength;             Length of Password[]
USHORT ByteCount;                  Count of data bytes; min = 3
UCHAR Password[];                  Password
STRING Path[];                     Server name and share name
STRING Service[];                  Service name

The serving machine verifies the combination and returns an error code or an identifier. The full name is included in this request message and the identifier identifying the connection is returned in the tid field of the SMB header. The tid field in the client request is ignored. The meaning of this identifier (tid) is server specific; the client must not associate any specific meaning to it.
If the negotiated dialect is LANMAN1.0 or later, then it is a protocol violation for the client to send this message prior to a successful SMB_COM_SESSION_SETUP_ANDX, and the server ignores Password.
If the negotiated dialect is prior to LANMAN1.0 and the client has not sent a successful SMB_COM_SESSION_SETUP_ANDX request when the tree connect arrives, a user level security mode server must nevertheless validate the client's credentials as discussed earlier in this document.
Path follows UNC style syntax, that is to say it is encoded as \\server\share and it indicates the name of the resource to which the client wishes to connect.
Because Password may be an authentication response, it is a variable length field with the length specified by PasswordLength. If authentication is not being used, Password should be a null terminated ASCII string with PasswordLength set to the string size including the terminating null.
The server can enforce whatever policy it desires to govern share access. Typically, if the server is paused, administrative privilege is required to connect to any share; if the server is not paused, administrative privilege is required only for administrative shares (C$, etc.). Other such policies may include valid times of day, software usage license limits, number of simultaneous server users or share users, etc.
The Service component indicates the type of resource the client intends to access. Valid values are:

Service   Description               Earliest Dialect Allowed
========  ========================  ================================
A:        disk share                PC NETWORK PROGRAM 1.0
LPT1:     printer                   PC NETWORK PROGRAM 1.0
IPC       named pipe                MICROSOFT NETWORKS 3.0
COMM      communications device     MICROSOFT NETWORKS 3.0
?????     any type of device        MICROSOFT NETWORKS 3.0

If bit 0 of Flags is set, the tree connection to tid in the SMB header should be disconnected. If this tree disconnect fails, the error should be ignored.
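
A defensive parser for the request layout above, as an added example that is not part of the original specification text. It assumes the block starts at WordCount (SMB header already stripped) and that Path and Service are null-terminated ASCII rather than Unicode; the function names, MalformedRequest, and the sample bytes are constructed for illustration.

```python
import struct

# Service values taken from the table above.
VALID_SERVICES = {"A:", "LPT1:", "IPC", "COMM", "?????"}
HDR = struct.Struct("<BBBHHHH")  # WordCount .. ByteCount, little-endian, 11 bytes

class MalformedRequest(ValueError):
    """Raised when a length or format check on the request fails."""

def _cstring(data, pos):
    """Return (text, next_pos) for a null-terminated ASCII string inside data."""
    end = data.find(b"\x00", pos)
    if end < 0:
        raise MalformedRequest("string not null-terminated inside ByteCount")
    return data[pos:end].decode("ascii", "replace"), end + 1

def parse_tree_connect_andx(block):
    """Parse the request starting at WordCount; assumes non-Unicode strings."""
    if len(block) < HDR.size:
        raise MalformedRequest("truncated parameter block")
    wc, andx_cmd, reserved, andx_off, flags, pw_len, byte_count = HDR.unpack_from(block)
    if wc != 4:
        raise MalformedRequest("WordCount must be 4")
    if reserved != 0:
        raise MalformedRequest("AndXReserved must be 0")
    if byte_count < 3 or HDR.size + byte_count > len(block):
        raise MalformedRequest("ByteCount below minimum or past end of message")
    data = block[HDR.size:HDR.size + byte_count]
    # Password[] plus the two string terminators must fit in the data bytes.
    if pw_len + 2 > byte_count:
        raise MalformedRequest("PasswordLength exceeds ByteCount")
    password = data[:pw_len]
    path, pos = _cstring(data, pw_len)
    service, _ = _cstring(data, pos)
    parts = path[2:].split("\\")
    if not path.startswith("\\\\") or len(parts) != 2 or not all(parts):
        raise MalformedRequest("Path is not \\\\server\\share")
    if service not in VALID_SERVICES:
        raise MalformedRequest("unknown Service")
    return {"andx_command": andx_cmd, "andx_offset": andx_off,
            "disconnect_tid": bool(flags & 0x0001), "password": password,
            "server": parts[0], "share": parts[1], "service": service}

def build_sample(pw=b"\x00", path=b"\\\\SRV1\\DOCS\x00", svc=b"A:\x00", pw_len=None):
    """Constructed sample request block (not captured traffic)."""
    data = pw + path + svc
    return HDR.pack(4, 0xFF, 0, 0, 0x0001, len(pw) if pw_len is None else pw_len, len(data)) + data
```

Every length taken from the wire (PasswordLength, ByteCount, the string terminators) is checked against the bytes actually received before it is used as an offset.
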
If the negotiated dialect is earlier than DOS LANMAN2.1, the response to this SMB is:

Server Response                   Description
================================  ===================================
UCHAR WordCount;                  Count of parameter words = 2
UCHAR AndXCommand;                Secondary (X) command; 0xFF = none
UCHAR AndXReserved;               Reserved (must be 0)
USHORT AndXOffset;                Offset to next command WordCount
USHORT ByteCount;                 Count of data bytes; min = 3

If the negotiated dialect is DOS LANMAN2.1 or later, the response to this SMB is:

Server Response                   Description
================================  ===================================
UCHAR WordCount;                  Count of parameter words = 3
UCHAR AndXCommand;                Secondary (X) command; 0xFF = none
UCHAR AndXReserved;               Reserved (must be 0)
USHORT AndXOffset;                Offset to next command WordCount
USHORT OptionalSupport;           Optional support bits
USHORT ByteCount;                 Count of data bytes; min = 3
UCHAR Service[];                  Service type connected to. Always ANSI.
STRING NativeFileSystem[];        Native file system for this tree

NativeFileSystem is the name of the filesystem; values to be expected include FAT, NTFS, etc.
The OptionalSupport bits have the following encoding:

Name                           Encoding   Description
=============================  =========  ==========================
smb_support_search_bits        0x0001
smb_share_is_in_dfs            0x0002

Some servers negotiate "DOS LANMAN2.1" dialect or later and still send the "downlevel" (i.e. wordcount==2) response.

Valid AndX following commands are:

SMB_COM_OPEN
SMB_COM_OPEN_ANDX
SMB_COM_CREATE
SMB_COM_CREATE_NEW
SMB_COM_CREATE_DIRECTORY
SMB_COM_DELETE
SMB_COM_DELETE_DIRECTORY
SMB_COM_FIND
SMB_COM_FIND_UNIQUE
SMB_COM_COPY
SMB_COM_RENAME
SMB_COM_NT_RENAME
SMB_COM_CHECK_DIRECTORY
SMB_COM_QUERY_INFORMATION
SMB_COM_SET_INFORMATION
SMB_COM_GET_PRINT_QUEUE
SMB_COM_OPEN_PRINT_FILE
SMB_COM_NO_ANDX_COMMAND
SMB_COM_TRANSACTION

ERRDOS/ERRnomem
ERRDOS/ERRbadpath
ERRDOS/ERRinvdevice
ERRSRV/ERRaccess
ERRSRV/ERRbadpw
ERRSRV/ERRinvnetname