3.3.1.8 Per Session

The server implements the following:

  • Session.SessionId: A numeric value that is used as an index in GlobalSessionTable, and (transformed into a 64-bit number) is sent to clients as the SessionId in the SMB2 header.

  • Session.State: The current activity state of this session. This value MUST be either InProgress, Valid, or Expired.

  • Session.SecurityContext: The security context of the user that authenticated this session. This value MUST be in a form that allows for evaluating security descriptors within the server, as well as being passed to the underlying object store to handle security evaluation that can happen there.

  • Session.IsAnonymous: A Boolean that, if set, indicates that the session is for an anonymous user.

  • Session.IsGuest: A Boolean that, if set, indicates that the session is for a guest user.

  • Session.SessionKey: The first 16 bytes of the cryptographic key for this authenticated context. If the cryptographic key is less than 16 bytes, it is right-padded with zero bytes.

  • Session.SigningRequired: A Boolean that, if set, indicates that all of the messages for this session MUST be signed.

  • Session.OpenTable: A table of opens of files or named pipes, as specified in section 3.3.1.10, that have been opened by this authenticated session and indexed by Open.FileId. The server MUST support enumeration of all entries in the table.

  • Session.TreeConnectTable: A table of tree connects that have been established by this authenticated session to shares on this server, indexed by TreeConnect.TreeId. The server MUST allow enumeration of all entries in the table.

  • Session.ExpirationTime: A value that specifies the time after which the client MUST reauthenticate with the server.

  • Session.Connection: The connection on which this session was established (see also section 3.3.5.5.1).

  • Session.SessionGlobalId: A numeric 32-bit value obtained via registration with [MS-SRVS], as specified in [MS-SRVS] section 3.1.6.2.

  • Session.CreationTime: The time the session was established.

  • Session.IdleTime: The time the session processed its most recent request.

  • Session.UserName: The name of the user who established the session.

If the server implements the SMB 3.x dialect family, it MUST implement the following:

  • Session.ChannelList: A list of channels that have been established on this authenticated session, as specified in section 3.3.1.14.

  • Session.EncryptData: A Boolean that, if set, indicates that the messages on this session SHOULD be encrypted.

  • Session.EncryptionKey: For AES-128-CCM and AES-128-GCM encryption algorithms, this is a 128-bit key used for encrypting the messages. For AES-256-CCM and AES-256-GCM encryption algorithms, this is a 256-bit key used for encrypting the messages.

  • Session.DecryptionKey: For AES-128-CCM and AES-128-GCM encryption algorithms, this is a 128-bit key used for decrypting the messages. For AES-256-CCM and AES-256-GCM encryption algorithms, this is a 256-bit key used for decrypting the messages.

  • Session.SigningKey: A 128 bit key used for signing the SMB2 messages.

  • Session.ApplicationKey: A 128-bit key, for the authenticated context, that is queried by the higher-layer applications.

  • Session.SupportsNotification: A Boolean that, if set, indicates the session supports one-way notifications, which is used to check against subsequent connections in multiple binding requests.

If the server implements the SMB 3.1.1 dialect, it MUST also implement the following:

  • Session.PreauthIntegrityHashValue: The preauthentication integrity hash value that was computed for the exchange of SMB2 SESSION_SETUP request and response messages for this session.

  • Session.FullSessionKey: Cryptographic key for this authenticated context as returned by underlying authentication protocol.