11 Appendix C Share Level Server Security

Each server makes a set of resources available to clients on the network. A resource being shared may be a directory tree, named pipe, printer, etc. As far as clients are concerned, the server has no storage or service dependencies on any other servers; a client considers the server to be the sole provider of the file (or other resource) being accessed.

The CIFS protocol requires server authentication of users before file accesses are allowed, and each server authenticates its own users. A client system must send authentication information to the server before the server will allow access to its resources.

The CIFS protocol used to define two methods that a server can select for security: share level and user level. User level security is the only non-obsolescent method.

A share level server makes some directory on a disk device (or other resource) available. An optional password may be required to gain access. Thus, any user on the network who knows the name of the server, the name of the resource, and the password has access to the resource. A share level server may accept several different passwords for the same shared resource, each granting a different level of access.

Share-level-only clients do not send SESSION_SETUP_ANDX requests. Instead, they send TREE_CONNECT_ANDX requests that include a password or use challenge/response authentication to prove that they know a password.

When a user level server validates the account name and password presented by the client, an identifier representing that authenticated instance of the user is returned to the client in the Uid field of the response SMB. In contrast, a share level server returns no useful information in the Uid field.

If the server is executing in share level security mode, Tid is the only thing used to allow access to the shared resource. Thus, if the user is able to perform a successful connection to the server specifying the appropriate netname and passwd (if any), the resource may be accessed according to the access rights associated with the shared resource (same for all who gained access this way).

The user level security model was added after the original dialect of the CIFS protocol was issued, so some clients may not be capable of sending account names and passwords to the server. A server in user level security mode communicating with one of these clients may allow the client to connect to resources even though it has not sent account name information:

  1. If the client's computer name is identical to an account name known on the server, and if the password supplied or authenticated via challenge/response to connect to the shared resource matches that account's password, an implicit "user logon" will be performed using those values. If the above fails, the server may fail the request or assign a default account name of its choice.

  2. The value of Uid in subsequent requests by the client will be ignored, and all access will be validated assuming the account name selected above.
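The two security models and the implicit-logon rule of steps 1 and 2, as an added Python model that is not the book's code or any real CIFS server implementation. Share names, account names and passwords are constructed sample values, and a plain string comparison stands in for the challenge/response exchange.

```python
import itertools
# Added model of the access rules described above; not real CIFS server code.
# Plain string comparison stands in for the challenge/response exchange.


class ShareLevelServer:
    """Share-level security: access rights hang off the Tid, not the user."""
    def __init__(self, shares):
        # netname -> {password: access rights}; one share may accept several
        # passwords, each granting a different level of access
        self.shares = shares
        self.tids = {}
        self.next_tid = itertools.count(1)

    def tree_connect(self, netname, passwd):
        """TREE_CONNECT_ANDX: return a Tid, or None if the password fails."""
        rights = self.shares.get(netname, {}).get(passwd)
        if rights is None:
            return None
        tid = next(self.next_tid)
        self.tids[tid] = rights
        return tid

    def rights(self, tid, uid=0):
        # uid is ignored: everyone holding this Tid gets identical rights, so
        # the server cannot attribute an access to an individual user
        return self.tids.get(tid)


class UserLevelServer:
    """User-level security: access rights hang off an authenticated account."""
    def __init__(self, accounts, default_account=None):
        self.accounts = accounts                # account name -> password
        self.default_account = default_account  # None: fail the request
        self.uids = {}
        self.next_uid = itertools.count(1)

    def session_setup(self, account, passwd):
        """SESSION_SETUP_ANDX: return a Uid bound to the validated account."""
        if self.accounts.get(account) != passwd:
            return None
        uid = next(self.next_uid)
        self.uids[uid] = account
        return uid

    def tree_connect_without_logon(self, client_name, passwd):
        """Client sent no account name: step 1 of the implicit logon rule.
        Returns the account to use; None means the server fails the request."""
        if self.accounts.get(client_name) == passwd:
            return client_name            # computer name matched an account
        return self.default_account       # fail, or server's default account
```

Once an account is chosen this way, step 2 applies: the server keeps using that account and ignores the Uid field of the client's later requests.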



Implementing CIFS: The Common Internet File System
ISBN: 013047116X
Year: 2002
Pages: 210
