This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 95%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDN%3C/text%3E%3C/svg%3E)
I have hacked impacket a bit to provide access to the MaximalAccess field in the SMB2 TREE_CONNECT Response. However, I am wondering how to interpret this field. The docs say
Contains the maximal access for the user that establishes the tree connect
on the share based on the share's permissions. This value takes the form as
specified in section 2.2.13.1.
and 2.2.13.1 says:
The SMB2 Access Mask Encoding in SMB2 is a 4-byte bit field value that
contains an array of flags. An access mask can specify access for one of two
basic groups: either for a file, pipe, or printer (specified in section
2.2.13.1.1) or for a directory (specified in section 2.2.13.1.2). Each
access mask MUST be a combination of zero or more of the bit positions
that are shown below.
So is the MaximalAccess mask one for file, pipe, or printer, or for a directory?
This question is also posted at https://stackoverflow.com/questions/74546047
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 23%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESN%3C/text%3E%3C/svg%3E)
Hello DiederickNiehorster-8895, the MaximalAccess mask applies to the ShareType in the request i.e. it can a Pipe, Printer or simply the file share.
The SMB 2 Protocol defines three types of shares: file (or disk) shares, which represent a directory tree and its included files; pipe shares, which expose access to named pipes; and print shares, which provide access to print resources on the server. A pipe share as defined by the SMB 2 Protocol must always have the name "IPC$".
Regards,
Sreekanth Nadendla
Microsoft Windows Open Specifications
Hi Sreekanth,
Thank you, that makes sense. Should the docs/specification then be updated to read:
Contains the maximal access for the user that establishes the tree connect
on the share based on the share's permissions. This value takes the form as
specified in section 2.2.13.1.1.
? So that is, explicitly referring to File_Pipe_Printer_Access_Mask?
Thanks and all the best,
Dee
Hello DiederickNiehorster-8895, thank you for your question regarding Microsoft Windows Open Specifications. We will review your question and post an update here soon.
Regards,
Sreekanth Nadendla
Microsoft Windows Open Specifications