3.3.5.2.9 Verifying the Session

If the server implements the SMB 3.x dialect family, Connection.ConstrainedConnection is TRUE, and AllowAnonymousAccess is FALSE, the server MUST disconnect the connection.

The server MUST look up the Session in Connection.SessionTable by using the SessionId in the SMB2 header of the request. If SessionId is not found in Connection.SessionTable, the server MUST fail the request with STATUS_USER_SESSION_DELETED.

If a session is found and Session.State is Expired, the server MUST continue to process the SMB2 LOGOFF, SMB2 CLOSE, and SMB2 LOCK commands. If the command is not one of these, the server SHOULD<267> fail the request with STATUS_NETWORK_SESSION_EXPIRED.

If Session.State is InProgress, the server MUST continue to process the SMB2 LOGOFF, SMB2 CLOSE, and SMB2 LOCK commands. If the command is not one of these, the server MUST fail the request with an implementation-specific<268> error code.

If Connection.Dialect belongs to the SMB 3.x dialect family, and Session.EncryptData is TRUE, the server MUST do the following:

  • If the server supports the 3.1.1 dialect, locate the Request in the Connection.RequestList for which the Request.MessageId matches the MessageId value in the SMB2 header of the request.

    Otherwise, if the server supports the 3.0 or 3.0.2 dialect, and RejectUnencryptedAccess is TRUE, locate the Request in the Connection.RequestList for which Request.MessageId matches the MessageId value in the SMB2 header of the request.

  • If Request.IsEncrypted is FALSE, the server MUST fail the request with STATUS_ACCESS_DENIED.
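
The checks in this section, carried through in order as an added Python sketch (not part of the specification or of any server implementation). The class and function names, the string return values, and the placeholder IMPLEMENTATION_SPECIFIC_ERROR are assumptions of the example; it also assumes that when no Request is located the IsEncrypted check is skipped.

```python
from dataclasses import dataclass, field

# All names here are assumptions of this sketch, loosely mirroring the abstract data model.
SMB3 = {"3.0", "3.0.2", "3.1.1"}
STILL_ALLOWED = {"LOGOFF", "CLOSE", "LOCK"}   # processed even if Expired/InProgress

@dataclass
class Server:
    dialects: set                              # dialects the server implements
    allow_anonymous_access: bool = False
    reject_unencrypted_access: bool = True

@dataclass
class Session:
    state: str = "Valid"                       # "Valid", "Expired" or "InProgress"
    encrypt_data: bool = False

@dataclass
class Connection:
    dialect: str
    constrained: bool = False
    session_table: dict = field(default_factory=dict)  # SessionId -> Session
    request_list: dict = field(default_factory=dict)   # MessageId -> IsEncrypted

def verify_session(srv, conn, session_id, message_id, command):
    """Return 'DISCONNECT', 'CONTINUE' or the status the request fails with."""
    if srv.dialects & SMB3 and conn.constrained and not srv.allow_anonymous_access:
        return "DISCONNECT"
    session = conn.session_table.get(session_id)
    if session is None:
        return "STATUS_USER_SESSION_DELETED"
    if command not in STILL_ALLOWED:
        if session.state == "Expired":         # SHOULD in the text; enforced here
            return "STATUS_NETWORK_SESSION_EXPIRED"
        if session.state == "InProgress":      # real code is implementation-specific
            return "IMPLEMENTATION_SPECIFIC_ERROR"
    if conn.dialect in SMB3 and session.encrypt_data:
        locate = "3.1.1" in srv.dialects or (
            srv.dialects & {"3.0", "3.0.2"} and srv.reject_unencrypted_access)
        # Assumption: if no Request is located, the IsEncrypted check is skipped.
        if locate and not conn.request_list[message_id]:
            return "STATUS_ACCESS_DENIED"
    return "CONTINUE"

if __name__ == "__main__":
    srv = Server({"3.0", "3.0.2", "3.1.1"})
    conn = Connection("3.1.1", session_table={1: Session("Valid", True)},
                      request_list={10: False, 11: True})  # constructed sample state
    for mid in (10, 11):
        print(mid, verify_session(srv, conn, 1, mid, "READ"))
```
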