Export (0) Print
Expand All

3.3.5.4 Receiving an SMB2 NEGOTIATE Request

When the server receives a request with an SMB2 header with a Command value equal to SMB2 NEGOTIATE, it MUST process it as follows:

If Connection.NegotiateDialect is 0x0202, 0x0210, 0x0300, or 0x0302 the server MUST disconnect the connection, as specified in section 3.3.7.1, and not reply.

The server MUST set Connection.ClientCapabilities to the capabilities received in the SMB2 NEGOTIATE request.

If the server implements the SMB 3.x dialect family, the server MUST set Connection.ClientSecurityMode to the SecurityMode field of the SMB2 NEGOTIATE Request.

If the server implements the SMB2.1 or 3.x dialect family, the server MUST set Connection.ClientGuid to the ClientGuid field of the SMB2 NEGOTIATE Request.

If SMB2_NEGOTIATE_SIGNING_REQUIRED is set in SecurityMode, the server MUST set Connection.ShouldSign to TRUE.

If the DialectCount of the SMB2 NEGOTIATE Request is 0, the server MUST fail the request with STATUS_INVALID_PARAMETER.

The server MUST select the greatest common dialect between the dialects it implements and the Dialects array of the SMB2 NEGOTIATE request. If a common dialect is not found, the server MUST fail the request with STATUS_NOT_SUPPORTED.

If a common dialect is found, the server MUST set Connection.Dialect to "2.002", "2.100", "3.000", or "3.002", and Connection.NegotiateDialect to 0x0202, 0x0210, 0x0300, or 0x0302 accordingly, to reflect the dialect selected. The server MUST then construct an SMB2 NEGOTIATE Response, as specified in section 2.2.4, with the following specific values, and return STATUS_SUCCESS to the client.

If the common dialect is SMB 2.1 or 3.x dialect family and the underlying connection is either TCP port 445 or RDMA, Connection.SupportsMultiCredit MUST be set to TRUE; otherwise, it MUST be set to FALSE.

  • SecurityMode MUST have the SMB2_NEGOTIATE_SIGNING_ENABLED bit set.

  • If RequireMessageSigning is TRUE, the server MUST also set SMB2_NEGOTIATE_SIGNING_REQUIRED in the SecurityMode field.

  • DialectRevision MUST be set to the common dialect.

  • ServerGuid is set to the global ServerGuid value.

  • The Capabilities field MUST be set to a combination of zero or more of the following bit values, as specified in section 2.2.4:

    • SMB2_GLOBAL_CAP_DFS if the server supports the Distributed File System.

    • SMB2_GLOBAL_CAP_LEASING if the server supports leasing.

    • SMB2_GLOBAL_CAP_LARGE_MTU if Connection.SupportsMultiCredit is TRUE.

    • SMB2_GLOBAL_CAP_MULTI_CHANNEL if Connection.Dialect belongs to the SMB 3.x dialect family, IsMultiChannelCapable is TRUE, and SMB2_GLOBAL_CAP_MULTI_CHANNEL is set in the Capabilities field of the request.

    • SMB2_GLOBAL_CAP_DIRECTORY_LEASING if Connection.Dialect belongs to the SMB 3.x dialect family, the server supports directory leasing, and SMB2_GLOBAL_CAP_DIRECTORY_LEASING is set in the Capabilities field of the request.

    • SMB2_GLOBAL_CAP_PERSISTENT_HANDLES if Connection.Dialect belongs to the SMB 3.x dialect family, SMB2_GLOBAL_CAP_PERSISTENT_HANDLES is set in the Capabilities field of the request, and the server supports persistent handles.

    • SMB2_GLOBAL_CAP_ENCRYPTION if Connection.Dialect belongs to the SMB 3.x dialect family, the server supports encryption, and SMB2_GLOBAL_CAP_ENCRYPTION is set in the Capabilities field of the request.

  • MaxTransactSize is set to the maximum buffer size,<222> in bytes, that the server will accept on this connection for QUERY_INFO, QUERY_DIRECTORY, SET_INFO and CHANGE_NOTIFY operations. This field is applicable only for buffers sent by the client in SET_INFO requests, or returned from the server in QUERY_INFO, QUERY_DIRECTORY, and CHANGE_NOTIFY responses. Connection.MaxTransactSize MUST be set to MaxTransactSize.

  • MaxReadSize is set to the maximum size,<223> in bytes, of the Length in an SMB2 READ Request (section 2.2.19) that the server will accept on the transport that established this connection. Connection.MaxReadSize MUST be set to MaxReadSize.

  • MaxWriteSize is set to the maximum size,<224> in bytes, of the Length in an SMB2 WRITE Request (section 2.2.21) that the server will accept on the transport that established this connection. Connection.MaxWriteSize MUST be set to MaxWriteSize.

  • SystemTime is set to the current time, in FILETIME format as specified in [MS-DTYP] section 2.3.3.

  • ServerStartTime is set to the global ServerStartTime value.

  • SecurityBufferOffset is set to the offset to the Buffer field in the response, in bytes, from the beginning of the SMB2 header.

  • SecurityBufferLength is set to the length of the data being returned in the Buffer field.

  • Buffer is filled with the GSS token, generated as follows. Alternatively, an empty Buffer MAY be returned, which will elicit client-initiated authentication with an authentication protocol of the client's choice.

The generation of the GSS token for the SMB2 NEGOTIATE Response MUST be done as specified in [MS-SPNG] section 3.2.5.2. The server MUST initialize the mechanism with the Integrity, Confidentiality, and Delegate options and use the server-initiated variation as specified in [MS-SPNG] section 3.2.5.2.

The status code returned by this operation MUST be one of those defined in [MS-ERREF]. Common status codes returned by this operation include:

  • STATUS_SUCCESS

  • STATUS_INSUFFICIENT_RESOURCES

  • STATUS_INVALID_PARAMETER

  • STATUS_NOT_SUPPORTED

If the server implements the SMB 3.x dialect family, the server MUST store the value of the SecurityMode field in Connection.ServerSecurityMode and MUST store the value of the Capabilities field in Connection.ServerCapabilities.

 
Show:
© 2014 Microsoft