If the client adds a 0x10 flag in the Flags field of SMB_COM_OPEN_ANDX, a Windows server will send back an alternate 19 WordCount response. Neither the 0x10 flag nor the 19 WordCount response are documented in MS-CIFS.
Wireshark can't handle the flag or response, but netmon seems to document it. The flag is documented as "RESP_EXTENDED_OPEN_ANDX reply", and the reply seems to contain the MaxAccessRights (as the torture test expects, too). Both the flag and response need to be documented, though. Also, the MS-CIFS OPEN_ANDX documentation doesn't mention ServerFID, but both netmon and wireshark think that the first ULONG worth of the Reserved field is actually "ServerFID," whatever that is. I've attached a short pcap demonstrating the extended response. You can reproduce this at will with the smbtorture RAW-OPEN test. -- Zach Loafman | Staff Engineer Isilon Systems D +1-206-315-7570 F +1-206-315-7485 www.isilon.com P +1-206-315-7500 M +1-206-422-3461
openx_extended.pcap
Description: application/cap
_______________________________________________ cifs-protocol mailing list cifs-protocol@cifs.org https://lists.samba.org/mailman/listinfo/cifs-protocol