Export (0) Print
Expand All

2.2.4.52.2 Response

The server's response is dependent upon the dialect, if any, that the server has selected.

  • If the server is returning an error, the WordCount and ByteCount SHOULD be 0x00 and 0x0000, respectively.

  • If the server has selected the Core Protocol dialect, or if none of the offered protocols is supported by the server, then WordCount MUST be 0x01 and the dialect index (the selected dialect) MUST be returned as the only parameter.

  • If the server has selected any dialect from LAN Manager 1.0 through LAN Manager 2.1, WordCount MUST be 0x0D. See [XOPEN-SMB] for a specification of the LAN Manager dialects other than LAN Manager 2.1. [SMB-LM21] provides documentation on the extensions to the LAN Manager 2.0 dialect that define the LAN Manager 2.1 dialect.

  • If the server has selected the NT LAN Manager dialect, then WordCount MUST be 0x11.

Other dialects can return an SMB_COM_NEGOTIATE (section 2.2.4.52) response using different formats. The value of WordCount MUST, therefore, be considered variable until the dialect has been determined. All dialects MUST return the DialectIndex as the first entry in the SMB_Parameters.Words array. That is, the structure returned by the Core Protocol is the common minimum. That structure is as follows.

SMB_Parameters
  {
  UCHAR  WordCount;
  Words
    {
    USHORT DialectIndex;
    }
  }
SMB_Data
  {
  USHORT ByteCount;
  }

SMB_Header

CID (2 bytes): If the underlying transport is connectionless (for example, Direct IPX), the Connection ID (CID) is returned by the server.


0

1

2

3

4

5

6

7

8

9
1
0

1

2

3

4

5

6

7

8

9
2
0

1

2

3

4

5

6

7

8

9
3
0

1

SMB_Parameters (variable)

...

SMB_Data

SMB_Parameters (variable):


0

1

2

3

4

5

6

7

8

9
1
0

1

2

3

4

5

6

7

8

9
2
0

1

2

3

4

5

6

7

8

9
3
0

1

WordCount

Words (variable)

...

WordCount (1 byte): The value of this field MUST be greater than or equal to 0x01.

Words (variable):


0

1

2

3

4

5

6

7

8

9
1
0

1

2

3

4

5

6

7

8

9
2
0

1

2

3

4

5

6

7

8

9
3
0

1

DialectIndex

DialectIndex (2 bytes): The index of the dialect selected by the server from the list presented in the request. Dialect entries are numbered starting with 0x0000, so a DialectIndex value of 0x0000 indicates that the first entry in the list has been selected. If the server does not support any of the listed dialects, it MUST return a DialectIndex of 0XFFFF.

 

SMB_Data (2 bytes):


0

1

2

3

4

5

6

7

8

9
1
0

1

2

3

4

5

6

7

8

9
2
0

1

2

3

4

5

6

7

8

9
3
0

1

ByteCount

ByteCount (2 bytes): The value of this field MUST be set to 0x0000.

If the negotiated dialect is NT LAN Manager, the structure of the SMB_COM_NEGOTIATE response is as follows.

SMB_Parameters
  {
  UCHAR  WordCount;
  Words
    {
    USHORT   DialectIndex;
    UCHAR    SecurityMode;
    USHORT   MaxMpxCount;
    USHORT   MaxNumberVcs;
    ULONG    MaxBufferSize;
    ULONG    MaxRawSize;
    ULONG    SessionKey;
    ULONG    Capabilities;
    FILETIME SystemTime;
    SHORT    ServerTimeZone;
    UCHAR    ChallengeLength;
    }
  }
SMB_Data
  {
  USHORT ByteCount;
  Bytes
    {
    UCHAR  Challenge[];
    SMB_STRING  DomainName[];
    }
  }

SMB_Header

CID (2 bytes): If the underlying transport is connectionless (for example, Direct IPX Transport), the Connection ID (CID) is returned by the server.


0

1

2

3

4

5

6

7

8

9
1
0

1

2

3

4

5

6

7

8

9
2
0

1

2

3

4

5

6

7

8

9
3
0

1

SMB_Parameters (variable)

...

SMB_Data (variable)

...

SMB_Parameters (variable):


0

1

2

3

4

5

6

7

8

9
1
0

1

2

3

4

5

6

7

8

9
2
0

1

2

3

4

5

6

7

8

9
3
0

1

WordCount

Words (variable)

...

WordCount (1 byte): The value of this field MUST be 0x11.

 
 

Words (variable):

 


0

1

2

3

4

5

6

7

8

9
1
0

1

2

3

4

5

6

7

8

9
2
0

1

2

3

4

5

6

7

8

9
3
0

1

DialectIndex

SecurityMode

MaxMpxCount

...

MaxNumberVcs

MaxBufferSize

...

MaxRawSize

...

SessionKey

...

Capabilities

...

SystemTime

...

...

ServerTimeZone

...

ChallengeLength

DialectIndex (2 bytes): The index of the dialect selected by the server from the list presented in the request. Dialect entries are numbered starting with 0x0000, so a DialectIndex value of 0x0000 indicates the first entry in the list. If the server does not support any of the listed dialects, it MUST return a DialectIndex of 0xFFFF.

 

SecurityMode (1 byte): An 8-bit field indicating the security modes supported or required by the server, as follows:

 

Name and bitmask Meaning

NEGOTIATE_USER_SECURITY
0x01

If clear (0), the server supports only Share Level access control.

If set (1), the server supports only User Level access control.

NEGOTIATE_ENCRYPT_PASSWORDS
0x02

If clear, the server supports only plaintext password authentication.

If set, the server supports challenge/response authentication.<77>

NEGOTIATE_SECURITY_SIGNATURES_ENABLED
0x04

If clear, the server does not support SMB security signatures.

If set, the server supports SMB security signatures for this connection.<78>

NEGOTIATE_SECURITY_SIGNATURES_REQUIRED
0x08

If clear, the security signatures are optional for this connection.

If set, the server requires security signatures.

This bit MUST be clear if the NEGOTIATE_SECURITY_SIGNATURES_ENABLED bit is clear.

Reserved
0xF0

The remaining bits are reserved and MUST be zero.

MaxMpxCount (2 bytes): The maximum number of outstanding SMB operations that the server supports. This value includes existing OpLocks, the NT_TRANSACT_NOTIFY_CHANGE subcommand, and any other commands that are pending on the server. If the negotiated MaxMpxCount is 0x0001, then OpLock support MUST be disabled for this session. The MaxMpxCount MUST be greater than 0x0000. This parameter has no specific relationship to the SMB_COM_READ_MPX and SMB_COM_WRITE_MPX commands.<79>

 

MaxNumberVcs (2 bytes): The maximum number of virtual circuits that can be established between the client and the server as part of the same SMB session.<80>

 

MaxBufferSize (4 bytes): The maximum size, in bytes, of the largest SMB message that the server can receive. This is the size of the largest SMB message that the client can send to the server. SMB message size includes the size of the SMB header, parameter, and data blocks. This size does not include any transport-layer framing or other transport-layer data. The server SHOULD<81> provide a MaxBufferSize of 4356 bytes, and MUST be a multiple of 4 bytes. If CAP_RAW_MODE is negotiated, the SMB_COM_WRITE_RAW command can bypass the MaxBufferSize limit. Otherwise, SMB messages sent to the server MUST have a total size less than or equal to the MaxBufferSize value. This includes AndX chained messages.

 

MaxRawSize (4 bytes): This value specifies the maximum message size when the client sends an SMB_COM_WRITE_RAW Request (section 2.2.4.25.1), and the maximum message size that the server MUST NOT exceed when sending an SMB_COM_READ_RAW Response (section 2.2.4.22.2). This value is significant only if CAP_RAW_MODE is negotiated.<82>

 

SessionKey (4 bytes): The server SHOULD set the value to a token generated for the connection, as specified in SessionKey Generation (section 2.2.1.6.6).

 

Capabilities (4 bytes): A 32-bit field providing a set of server capability indicators. This bit field is used to indicate to the client which features are supported by the server. Any value not listed in the following table is unused. The server MUST set the unused bits to 0 in a response, and the client MUST ignore these bits.

 

Name and bitmask Meaning

CAP_RAW_MODE
0x00000001

The server supports SMB_COM_READ_RAW and SMB_COM_WRITE_RAW requests. Raw mode is not supported over connectionless transports.

CAP_MPX_MODE
0x00000002

The server supports SMB_COM_READ_MPX and SMB_COM_WRITE_MPX requests. MPX mode is supported only over connectionless transports.

CAP_UNICODE
0x00000004

The server supports UTF-16LE Unicode strings.

CAP_LARGE_FILES
0x00000008

The server supports 64-bit file offsets.

CAP_NT_SMBS
0x00000010

The server supports SMB commands particular to the NT LAN Manager dialect.

CAP_RPC_REMOTE_APIS
0x00000020

The server supports the use of Microsoft remote procedure call (MS-RPC) for remote API calls. Similar functionality would otherwise require use of the legacy Remote Administration Protocol, as specified in [MS-RAP].

CAP_STATUS32
0x00000040

The server is capable of responding with 32-bit status codes in the Status field of the SMB Header (section 2.2.3.1) (for more information, see 2.2.3.1).

CAP_STATUS32 is also sometimes referred to as CAP_NT_STATUS.

CAP_LEVEL_II_OPLOCKS
0x00000080

The server supports level II opportunistic locks (OpLocks).

CAP_LOCK_AND_READ
0x00000100

The server supports the SMB_COM_LOCK_AND_READ command request.

CAP_NT_FIND
0x00000200

The server supports the TRANS2_FIND_FIRST2, TRANS2_FIND_NEXT2, and FIND_CLOSE2 command requests. This bit SHOULD be set if CAP_NT_SMBS is set.<83>

CAP_BULK_TRANSFER
0x00000400

This value was reserved but not implemented and MUST be zero.<84>

CAP_COMPRESSED_DATA
0x00000800

This value was reserved but not implemented and MUST be zero.<85>

CAP_DFS
0x00001000

The server is aware of the DFS Referral Protocol, as specified in [MS-DFSC], and can respond to Microsoft DFS referral requests. For more information, see sections 2.2.6.16.1 and 2.2.6.16.2.

CAP_QUADWORD_ALIGNED
0x00002000

This value was reserved but not implemented and MUST be zero.<86>

CAP_LARGE_READX
0x00004000

The server supports large read operations.This capability affects the maximum size, in bytes, of the server buffer for sending an SMB_COM_READ_ANDX response to the client. When this capability is set by the server (and set by the client in the SMB_COM_SESSION_SETUP_ANDX request), the maximum server buffer size for sending data can be up to 65,535 bytes rather than the MaxBufferSize field. Therefore, the server can send a single SMB_COM_READ_ANDX response to the client up to this size.

SystemTime (8 bytes): The number of 100-nanosecond intervals that have elapsed since January 1, 1601, in Coordinated Universal Time (UTC) format.<87>

 

ServerTimeZone (2 bytes): SHORT A signed 16-bit signed integer that represents the server's time zone, in minutes, from UTC. The time zone of the server MUST be expressed in minutes, plus or minus, from UTC.<88>

 

ChallengeLength (1 byte): This field MUST be 0x00 or 0x08. The length of the random challenge used in challenge/response authentication. If the server does not support challenge/response authentication, this field MUST be 0x00. This field is often referred to in older documentation as EncryptionKeyLength.

 

SMB_Data (variable):


0

1

2

3

4

5

6

7

8

9
1
0

1

2

3

4

5

6

7

8

9
2
0

1

2

3

4

5

6

7

8

9
3
0

1

ByteCount

Bytes (variable)

...

ByteCount (2 bytes): This field MUST be greater than or equal to 0x0001. If CAP_UNICODE has been negotiated, it MUST be greater than or equal to 0x0002.

 
 

Bytes (variable):

 


0

1

2

3

4

5

6

7

8

9
1
0

1

2

3

4

5

6

7

8

9
2
0

1

2

3

4

5

6

7

8

9
3
0

1

Challenge (variable)

...

DomainName (variable)

...

Challenge (variable): An array of unsigned bytes that MUST be ChallengeLength bytes long and MUST represent the server challenge. This array MUST NOT be null-terminated. This field is often referred to in older documentation as EncryptionKey.

 

DomainName (variable): The null-terminated name of the NT domain or workgroup to which the server belongs.<89>

 

Error Codes

SMB error class

SMB error code

NT status code

POSIX equivalent

Description

ERRSRV (0x02)

ERRerror (0x0001)

STATUS_INVALID_SMB

(0x00010002)

 

The command was already sent.

 
Show:
© 2014 Microsoft