I have hacked impacket a bit to provide access to the MaximalAccess field in the SMB2 TREE_CONNECT Response. However, I am wondering how to interpret this field. The docs say:

> Contains the maximal access for the user that establishes the tree connect
> on the share based on the share's permissions. This value takes the form as
> specified in section 2.2.13.1.

and 2.2.13.1 says:

> The SMB2 Access Mask Encoding in SMB2 is a 4-byte bit field value that
> contains an array of flags. An access mask can specify access for one of two
> basic groups: either for a file, pipe, or printer (specified in section
> 2.2.13.1.1) or for a directory (specified in section 2.2.13.1.2). Each
> access mask MUST be a combination of zero or more of the bit positions
> that are shown below.

So is the MaximalAccess mask one for file, pipe, or printer, or for a directory?

This question is also posted at https://learn.microsoft.com/en-us/answers/questions/1101408/smb2-tree-connect-response-maximalaccess-file-or-d.html
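
Added example, not part of the original post and not impacket code: a decoder that reads MaximalAccess from a TREE_CONNECT Response body and names each set bit under both tables of section 2.2.13.1, so the two readings can be compared side by side. The 16-byte response layout and the flag values are taken from MS-SMB2 rather than from this page; the function names and the sample body are constructed for illustration.

```python
import struct

# (file/pipe/printer name, directory name) per bit; positions are shared by both tables.
SPECIFIC = {
    0x001: ("FILE_READ_DATA", "FILE_LIST_DIRECTORY"),
    0x002: ("FILE_WRITE_DATA", "FILE_ADD_FILE"),
    0x004: ("FILE_APPEND_DATA", "FILE_ADD_SUBDIRECTORY"),
    0x008: ("FILE_READ_EA", "FILE_READ_EA"),
    0x010: ("FILE_WRITE_EA", "FILE_WRITE_EA"),
    0x020: ("FILE_EXECUTE", "FILE_TRAVERSE"),
    0x040: ("FILE_DELETE_CHILD", "FILE_DELETE_CHILD"),
    0x080: ("FILE_READ_ATTRIBUTES", "FILE_READ_ATTRIBUTES"),
    0x100: ("FILE_WRITE_ATTRIBUTES", "FILE_WRITE_ATTRIBUTES"),
}
# Standard and generic rights, named identically in both tables.
COMMON = {
    0x00010000: "DELETE", 0x00020000: "READ_CONTROL",
    0x00040000: "WRITE_DAC", 0x00080000: "WRITE_OWNER",
    0x00100000: "SYNCHRONIZE", 0x01000000: "ACCESS_SYSTEM_SECURITY",
    0x02000000: "MAXIMUM_ALLOWED", 0x10000000: "GENERIC_ALL",
    0x20000000: "GENERIC_EXECUTE", 0x40000000: "GENERIC_WRITE",
    0x80000000: "GENERIC_READ",
}
NAMES = {**SPECIFIC, **{bit: (name, name) for bit, name in COMMON.items()}}

def parse_maximal_access(body: bytes) -> int:
    """Return MaximalAccess from a TREE_CONNECT Response body (after the SMB2 header)."""
    if len(body) < 16:
        raise ValueError("TREE_CONNECT Response body is 16 bytes")
    size, _type, _rsvd, _flags, _caps, access = struct.unpack("<HBBIII", body[:16])
    if size != 16:
        raise ValueError(f"unexpected StructureSize {size}")
    return access

def decode_mask(mask: int) -> dict:
    """Name every set bit under the file/pipe/printer and directory tables."""
    out = {"file": [], "directory": [], "unknown": 0}
    for bit in (1 << i for i in range(32)):
        if not mask & bit:
            continue
        if bit in NAMES:
            out["file"].append(NAMES[bit][0])
            out["directory"].append(NAMES[bit][1])
        else:
            out["unknown"] |= bit  # bit not defined in either table
    return out

# Constructed sample: disk share (ShareType 0x01) with a read-only style mask.
SAMPLE_BODY = struct.pack("<HBBIII", 16, 0x01, 0, 0, 0, 0x001200A9)
```

The numeric value is the same under either reading; only the names attached to bits 0x1, 0x2, 0x4 and 0x20 change.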