3.2.4.2.2.2 SMB2-Only Negotiate

To issue an SMB2-Only negotiate, the client MUST construct an SMB2 NEGOTIATE Request following the syntax as specified in section 2.2.3:

  • Allocate sequence number 0 from the Connection.SequenceWindow and place it in the MessageId field of the SMB2 header.

  • Set the Command field in the SMB2 header to SMB2 NEGOTIATE.

If the application has provided SpecifiedDialects, the client MUST do the following:

  • Set DialectCount to the number of elements in SpecifiedDialects.

  • Set the Dialects array to the values in SpecifiedDialects.

Otherwise, if the client implements the SMB 3.x dialect family and an alternate connection is being established to an already connected Server, the client SHOULD<122> set DialectCount to 1 and set Dialects array to Server.DialectRevision.

Otherwise,

  • Set DialectCount to 0.

  • If the client implements the SMB 2.0.2 dialect, it MUST do the following:

    • Increment the DialectCount by 1.

    • Set Dialects[DialectCount-1] to 0x0202.

  • If the client implements the SMB 2.1 dialect, it MUST do the following:

    • Increment the DialectCount by 1.

    • Set Dialects[DialectCount-1] to 0x0210.

  • If the client implements the SMB 3.0 dialect, it MUST do the following:

    • Increment the DialectCount by 1.

    • Set Dialects[DialectCount-1] to 0x0300.

  • If the client implements the SMB 3.0.2 dialect, it MUST do the following:

    • Increment the DialectCount by 1.

    • Set Dialects[DialectCount-1] to 0x0302.

  • If the client implements the SMB 3.1.1 dialect, it MUST do the following:

    • Increment the DialectCount by 1.

    • Set Dialects[DialectCount-1] to 0x0311.

  • If the client implements the SMB 3.x dialect family, Connection.OfferedDialects MUST be set to the values in the Dialects array.

  • If RequireMessageSigning is TRUE, the client MUST set the SMB2_NEGOTIATE_SIGNING_REQUIRED bit to TRUE in SecurityMode. If RequireMessageSigning is FALSE, the client MUST set the SMB2_NEGOTIATE_SIGNING_ENABLED bit to TRUE in SecurityMode. The client MUST store the value of the SecurityMode field in Connection.ClientSecurityMode.

  • Set Capabilities and ClientStartTime to 0.

  • If the client implements the SMB 2.1 or SMB 3.x dialect, ClientGuid MUST be set to the global ClientGuid value. Otherwise, it MUST be set to 0. The client MUST set Connection.ClientGuid to the ClientGuid initialized above.

  • If the client implements the SMB 3.x dialect family, the client MUST set the Capabilities field as follows:

    • If MaxDialect is “3.0” or “3.0.2”, IsEncryptionSupported is TRUE, and the client supports the AES-128-CCM encryption algorithm, the client SHOULD<123> set SMB2_GLOBAL_CAP_ENCRYPTION in the Capabilities field.

    • If MaxDialect is “3.1.1”, IsEncryptionSupported is TRUE and the client supports any of the encryption algorithms specified in section 2.2.3.1.2, the client SHOULD<124> set SMB2_GLOBAL_CAP_ENCRYPTION in the Capabilities field.

    • Remaining bit values in the Capabilities field MUST be set as specified in section 2.2.3.

  • The client MUST set Connection.ClientCapabilities to the Capabilities field.

  • If the client implements the SMB 3.1.1 dialect, it MUST do the following:

    • Set NegotiateContextOffset to 0.

    • Set NegotiateContextCount to 0.

    • Add optional padding after the Dialects array to make the next field 8-byte aligned.

    • Add an SMB2 NEGOTIATE_CONTEXT with ContextType as SMB2_PREAUTH_INTEGRITY_CAPABILITIES to the negotiate request as specified in section 2.2.3.1:

      • Increment NegotiateContextCount by 1.

      • Set NegotiateContextOffset to the offset of the SMB2 NEGOTIATE_CONTEXT added above.

      • The SMB2_PREAUTH_INTEGRITY_CAPABILITIES negotiate context's Salt buffer SHOULD<125> be initialized to an implementation-specific number of bytes generated for this request by a cryptographically secure pseudo-random number generator.

    • If IsEncryptionSupported is TRUE, it MUST do the following:

      • Increment NegotiateContextCount by 1.

      • Add an SMB2_NEGOTIATE_CONTEXT with ContextType as SMB2_ENCRYPTION_CAPABILITIES to the negotiate request as specified in section 2.2.3.1.

      • If an alternate connection is being established to an already connected Server, set Ciphers to Server.CipherId and CipherCount to 1. Otherwise, set Ciphers to the ciphers supported by the client, if any, in the order of preference, and set CipherCount to the number of ciphers in the Ciphers field.<126>

    • If IsCompressionSupported is TRUE, it MUST do the following:

      • Increment NegotiateContextCount by 1.

      • Add an SMB2_NEGOTIATE_CONTEXT with ContextType as SMB2_COMPRESSION_CAPABILITIES to the negotiate request as specified in section 2.2.3.1.

      • CompressionAlgorithms SHOULD<127> be set to the algorithms supported by the client in the order of preference.

      • If IsChainedCompressionSupported is TRUE, the SMB2_COMPRESSION_CAPABILITIES_FLAG_CHAINED bit MUST be set in the Flags field.

    • If IsRDMATransformSupported is TRUE, it MUST do the following:

      • Increment NegotiateContextCount by 1.

      • Add an SMB2 NEGOTIATE_CONTEXT with ContextType as SMB2_RDMA_TRANSFORM_CAPABILITIES to the negotiate request as specified in section 2.2.3.1.6.

      • If an alternate connection is being established to an already connected Server, set RDMATransformIds to Server.RDMATransformIds. Otherwise, set RDMATransformIds to the RDMA transforms in an implementation-defined manner.<128>

  • If the client implements the SMB 3.1.1 dialect, the client SHOULD<129> add an SMB2 NEGOTIATE_CONTEXT with ContextType as SMB2_NETNAME_NEGOTIATE_CONTEXT_ID to the negotiate request as specified in section 2.2.3.1:

    • Increment NegotiateContextCount by 1.

    • NetName MUST be set to the application-provided ServerName.

  • If the client implements the SMB 3.1.1 dialect, the client SHOULD<130> add an SMB2 NEGOTIATE_CONTEXT with ContextType as SMB2_SIGNING_CAPABILITIES to the negotiate request as specified in section 2.2.3.1:

    • Increment NegotiateContextCount by 1.

    • If an alternate connection is being established to an already connected Server, set SigningAlgorithms to Server.SigningAlgorithmId and set SigningAlgorithmCount to 1. Otherwise, set SigningAlgorithms to the signing algorithms supported by the client, if any, in the order of preference, and set SigningAlgorithmCount to the number of elements in the SigningAlgorithms field.<131>

  • If the client implements the SMB 3.1.1 dialect, the underlying connection is over QUIC, and DisableEncryptionOverSecureTransport is TRUE, the client MUST add an SMB2 NEGOTIATE_CONTEXT with ContextType as SMB2_TRANSPORT_CAPABILITIES to the negotiate request as specified in section 2.2.3.1:

    • The client MUST increment NegotiateContextCount by 1.

    • The client MUST set Flags to SMB2_ACCEPT_TRANSPORT_LEVEL_SECURITY.

This request MUST be sent to the server.
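
The steps above, carried out in Python for a client that implements all five dialects; this is an added example, not code from the specification. It covers only the default branch (no SpecifiedDialects, not an alternate connection) and emits just the preauth-integrity and encryption contexts. Assumptions: CreditRequest and the remaining Capabilities bits are left at zero, the salt is 32 bytes, and the constant names and `build_negotiate` are this example's own.

```python
import os
import struct
import uuid

DIALECTS = [0x0202, 0x0210, 0x0300, 0x0302, 0x0311]   # order from the steps above
SIGNING_ENABLED, SIGNING_REQUIRED = 0x0001, 0x0002    # SecurityMode bits
CAP_ENCRYPTION = 0x00000040                           # SMB2_GLOBAL_CAP_ENCRYPTION
PREAUTH_INTEGRITY, ENCRYPTION_CAPS = 0x0001, 0x0002   # ContextType values
SHA512 = 0x0001                                       # preauth HashAlgorithms id
AES128_CCM, AES128_GCM = 0x0001, 0x0002               # cipher ids


def pad8(buf):
    """Pad buf with zero bytes to the next 8-byte boundary."""
    return buf + b"\x00" * (-len(buf) % 8)


def context(ctx_type, data):
    """SMB2 NEGOTIATE_CONTEXT: ContextType, DataLength, Reserved, Data."""
    return struct.pack("<HHI", ctx_type, len(data), 0) + data


def build_negotiate(client_guid, require_signing, ciphers, salt=None):
    """Build SMB2 header + NEGOTIATE request (assumed: all dialects implemented)."""
    salt = os.urandom(32) if salt is None else salt   # CSPRNG; 32 bytes is assumed
    # SMB2 header: Command = NEGOTIATE (0), MessageId = 0, all other fields zero
    header = struct.pack("<4sHHIHHIIQIIQ16s", b"\xfeSMB", 64, 0, 0, 0, 0, 0, 0,
                         0, 0, 0, 0, b"\x00" * 16)
    mode = SIGNING_REQUIRED if require_signing else SIGNING_ENABLED
    caps = CAP_ENCRYPTION if ciphers else 0
    dialects = struct.pack("<%dH" % len(DIALECTS), *DIALECTS)
    contexts = [context(PREAUTH_INTEGRITY,
                        struct.pack("<HHH", 1, len(salt), SHA512) + salt)]
    if ciphers:  # IsEncryptionSupported is TRUE; ciphers are in preference order
        contexts.append(context(ENCRYPTION_CAPS, struct.pack(
            "<H%dH" % len(ciphers), len(ciphers), *ciphers)))
    # NegotiateContextOffset counts from the start of the SMB2 header
    ctx_offset = len(pad8(header + b"\x00" * 36 + dialects))
    fixed = struct.pack("<HHHHI16sIHH", 36, len(DIALECTS), mode, 0, caps,
                        client_guid.bytes_le, ctx_offset, len(contexts), 0)
    body = pad8(header + fixed + dialects)
    # Every context after the first also starts on an 8-byte boundary
    return body + b"".join(pad8(c) for c in contexts[:-1]) + contexts[-1]
```

With five dialects the Dialects array ends at byte 110, so two padding bytes place the first context at offset 112. A capture filter can check the same offsets to flag clients that offer 0x0202 or omit SMB2_NEGOTIATE_SIGNING_REQUIRED.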