2.2.4.55.1 Request
-
SMB_Parameters { UCHAR WordCount; Words { UCHAR AndXCommand; UCHAR AndXReserved; USHORT AndXOffset; USHORT Flags; USHORT PasswordLength; } } SMB_Data { USHORT ByteCount; Bytes { UCHAR Password[PasswordLength]; UCHAR Pad[]; SMB_STRING Path; OEM_STRING Service; } }
SMB_Header:
-
-
TID (2 bytes): This field MAY contain a valid TID. If the SMB_Header.TID is valid and the lowest-order bit of the SMB_Parameters.Words.Flags field is set, the SMB_Header.TID MUST be disconnected.
-
UID (2 bytes): This field MUST contain a UID returned in a previously successful SMB_COM_SESSION_SETUP_ANDX Response (section 2.2.4.53.2). If the server is operating in share level access control mode, then the UID represents anonymous, or "null session" authentication. If the server is operating in user level access control mode, then the server MUST validate the UID.
-
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
3 |
|
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
SMB_Parameters |
|||||||||||||||||||||||||||||||
... |
|||||||||||||||||||||||||||||||
... |
SMB_Data (variable) |
||||||||||||||||||||||||||||||
... |
SMB_Parameters (9 bytes):
-
0
1
2
3
4
5
6
7
8
91
0
1
2
3
4
5
6
7
8
92
0
1
2
3
4
5
6
7
8
93
0
1WordCount
Words
...
...
-
WordCount (1 byte): The value of this field MUST be 0x04.
-
Words (8 bytes):
-
0
1
2
3
4
5
6
7
8
91
0
1
2
3
4
5
6
7
8
92
0
1
2
3
4
5
6
7
8
93
0
1AndXCommand
AndXReserved
AndXOffset
Flags
PasswordLength
-
AndXCommand (1 byte): The command code for the next SMB command in the packet. This value MUST be set to 0xFF if there are no additional SMB command requests in the request packet.
-
AndXReserved (1 byte): A reserved field. This MUST be set to 0x00 when this request is sent, and the server MUST ignore this value.
-
AndXOffset (2 bytes): This field MUST be set to the offset in bytes from the start of the SMB Header (section 2.2.3.1) to the start of the WordCount field of the next SMB command request in this packet. This field is valid only if the AndXCommand field is not set to 0xFF. If AndXCommand is 0xFF, this field MUST be ignored by the server.
-
Flags (2 bytes): A 16-bit field used to modify the SMB_COM_TREE_CONNECT_ANDX Request (section 2.2.4.55.1). The client MUST set reserved values to 0, and the server MUST ignore them.
-
-
Bitmask
Meaning
TREE_CONNECT_ANDX_DISCONNECT_TID
0x0001
If this bit is set and the SMB_Header.TID field of the request is valid, the tree connect specified by the SMB_Header.TID field of the request SHOULD be disconnected when the server sends the response. If this tree disconnect fails, the error SHOULD be ignored. If this bit is set and the SMB_Header.TID field of the request is invalid, the server MUST ignore this bit.
0x0002
Reserved. SHOULD be zero.<106>
0xFFFC
Reserved. MUST be zero.
-
-
-
PasswordLength (2 bytes): This field MUST be the length, in bytes, of the SMB_Data.Bytes.Password field.
-
SMB_Data (variable):
-
0
1
2
3
4
5
6
7
8
91
0
1
2
3
4
5
6
7
8
92
0
1
2
3
4
5
6
7
8
93
0
1ByteCount
Bytes (variable)
...
-
ByteCount (2 bytes): The value of this field MUST be 0x0003 or greater.
-
Bytes (variable):
-
0
1
2
3
4
5
6
7
8
91
0
1
2
3
4
5
6
7
8
92
0
1
2
3
4
5
6
7
8
93
0
1Password (variable)
...
Pad (variable)
...
Path (variable)
...
Service (variable)
...
-
Password (variable): An array of bytes.
-
If the server is operating in share level access control mode and plaintext passwords have been negotiated, then the Password MUST be an OEM_STRING representing the user's password in plaintext.
If the server is operating in share level access control mode and challenge/response authentication has been negotiated, then the Password MUST be an authentication response.
If authentication is not used, then the Password SHOULD be a single null padding byte (which takes the place of the Pad[] byte).
The SMB_Parameters.Bytes.PasswordLength MUST be the full length of the Password field. If the Password is the null padding byte, the password length is 1.
-
-
Pad (variable): Padding bytes. If Unicode support has been enabled and SMB_FLAGS2_UNICODE is set in SMB_Header.Flags2, this field MUST contain zero or one null padding bytes as needed to ensure that the Path string is aligned on a 16-bit boundary.
-
Path (variable): A null-terminated string that represents the server and share name of the resource to which the client attempts to connect. This field MUST be encoded using Universal Naming Convention (UNC) syntax. If SMB_FLAGS2_UNICODE is set in the Flags2 field of the SMB Header of the request, the string MUST be a null-terminated array of 16-bit Unicode characters. Otherwise, the string MUST be a null-terminated array of OEM characters. If the string consists of Unicode characters, this field MUST be aligned to start on a 2-byte boundary from the start of the SMB Header. A path in UNC syntax would be represented by a string in the following form:
-
\\server\share
-
-
Service (variable): The type of resource that the client attempts to access. This field MUST be a null-terminated array of OEM characters even if the client and server have negotiated to use Unicode strings. The valid values for this field are as follows:
-
-
Service String
Description
"A:"
Disk Share
"LPT1:"
Printer Share
"IPC"
Named Pipe
"COMM"
Serial Communications device
"?????"
Matches any type of device or resource
-
-
-