3.2.4.2.2.2 SMB2-Only Negotiate

To issue an SMB2-only negotiate, the client MUST construct an SMB2 NEGOTIATE Request following the syntax as specified in section 2.2.3:

  • Allocate sequence number 0 from the Connection.SequenceWindow and place it in the MessageId field of the SMB2 header.

  • Set the Command field in the SMB2 header to SMB2 NEGOTIATE.

If the application provided a dialect in SpecifiedDialect, the client MUST do the following:

  • Set the DialectCount to 1.

  • Set the value in Dialects[0] array to SpecifiedDialect.

Otherwise,

  • Set DialectCount to 0.

  • If the client implements the SMB 2.0.2 dialect, it MUST do the following:

    • Increment the DialectCount by 1.

    • Set the value in Dialects[DialectCount-1] array to 0x0202.

  • If the client implements the SMB 2.1 dialect, it MUST do the following:

    • Increment the DialectCount by 1.

    • Set the value in Dialects[DialectCount-1] array to 0x0210.

  • If the client implements the SMB 3.0 dialect, it MUST do the following:

    • Increment the DialectCount by 1.

    • Set the value in the Dialects[DialectCount-1] array to 0x0300.

  • If the client implements the SMB 3.0.2 dialect, it MUST do the following:

    • Increment the DialectCount by 1.

    • Set the value in the Dialects[DialectCount-1] array to 0x0302.

  • If the client implements the SMB 3.1.1 dialect, it MUST do the following:

    • Increment the DialectCount by 1.

    • Set the value in the Dialects[DialectCount-1] array to 0x0311.

  • If RequireMessageSigning is TRUE, the client MUST set the SMB2_NEGOTIATE_SIGNING_REQUIRED bit to TRUE in SecurityMode. If RequireMessageSigning is FALSE, the client MUST set the SMB2_NEGOTIATE_SIGNING_ENABLED bit to TRUE in SecurityMode. The client MUST store the value of the SecurityMode field in Connection.ClientSecurityMode.

  • Set Capabilities and ClientStartTime to 0.

  • If the client implements the SMB 2.1 or SMB 3.x dialect, ClientGuid SHOULD be set to the Guid provided by the application<102>. Otherwise, it MUST be set to 0. The client MUST set Connection.ClientGuid to the ClientGuid initialized above.

  • If the client implements the SMB 3.x dialect family, the client MUST set the Capabilities field as specified in section 2.2.3, and store the value of Capabilities field in Connection.ClientCapabilities.

  • If the client implements the SMB 3.1.1 dialect, it MUST do the following:

    • Set NegotiateContextOffset to 0.

    • Set NegotiateContextCount to 0.

    • Add optional padding after Dialects array to make the next field 8-byte aligned.

    • Add an SMB2 NEGOTIATE_CONTEXT with ContextType as SMB2_PREAUTH_INTEGRITY_CAPABILITIES to the negotiate request as specified in section 2.2.3.1:

      • Increment NegotiateContextCount by 1

      • Set NegotiateContextOffset to the offset of the SMB2 NEGOTIATE_CONTEXT added above.

      • The SMB2_PREAUTH_INTEGRITY_CAPABILITIES negotiate context's Salt buffer SHOULD<103> be initialized to an implementation-specific number of bytes generated for this request by a cryptographically secure pseudo-random number generator.

    • If the client supports encryption, it MUST do the following:

      • Increment NegotiateContextCount by 1.

      • Add an SMB2_NEGOTIATE_CONTEXT with ContextType as SMB2_ENCRYPTION_CAPABILITIES to the negotiate request as specified in section 2.2.3.1 and initialize the Ciphers field with the ciphers supported by the client in the order of preference.<104>

This request MUST be sent to the server.

Show: