3.2.5.2 Receiving an SMB2 NEGOTIATE Response

If the Status field in the SMB2 header of the response is not STATUS_SUCCESS, the client MUST return the error code to the calling application.

The client MUST store the received MaxTransactSize in Connection.MaxTransactSize, the received MaxReadSize in Connection.MaxReadSize, the received MaxWriteSize in Connection.MaxWriteSize, and the received ServerGuid in Connection.ServerGuid.<153> The client MUST store the received security buffer described by SecurityBufferOffset and SecurityBufferLength into Connection.GSSNegotiateToken.

If the SecurityMode field in the SMB2 header of the response has the SMB2_NEGOTIATE_SIGNING_REQUIRED bit set, the client MUST set Connection.RequireSigning to TRUE.

If the client implements SMB 3.1.1, the DialectRevision in the SMB2 NEGOTIATE Response is 0x02FF, and the Connection is NetBIOS over TCP, the client MUST close the connection. The client MUST establish a new connection to the server, as specified in section 3.2.4.2.1, by providing the ServerName and TransportIdentifier indicating Direct TCP transport.

If the DialectRevision in the SMB2 NEGOTIATE Response is 0x02FF, the client MUST issue a new SMB2 NEGOTIATE request as described in section 3.2.4.2.2.2 with the only exception that the client MUST allocate sequence number 1 from Connection.SequenceWindow, and MUST set the MessageId field of the SMB2 header to 1. Otherwise, the client MUST proceed as follows.

If the client implements the SMB 2.1 or SMB 3.x dialect family, the client MUST perform the following:

  • The client MUST store the returned dialect in Connection.Dialect.

  • If SMB2_GLOBAL_CAP_LEASING is set in the Capabilities field of the SMB2 NEGOTIATE Response, the client MUST set Connection.SupportsFileLeasing to TRUE. Otherwise, it MUST be set to FALSE.

  • If SMB2_GLOBAL_CAP_LARGE_MTU is set in the Capabilities field of the SMB2 NEGOTIATE Response, the client MUST set Connection.SupportsMultiCredit to TRUE. Otherwise, it MUST be set to FALSE.

If Connection.Dialect belongs to the SMB 3.x dialect family, the client MUST perform the following:

  • If SMB2_GLOBAL_CAP_DIRECTORY_LEASING is set in the Capabilities field of the SMB2 NEGOTIATE Response, the client MUST set Connection.SupportsDirectoryLeasing to TRUE. Otherwise, it MUST be set to FALSE.

  • If SMB2_GLOBAL_CAP_MULTI_CHANNEL is set in the Capabilities field of the SMB2 NEGOTIATE Response, the client MUST set Connection.SupportsMultiChannel to TRUE. Otherwise, it MUST be set to FALSE.

  • If SMB2_GLOBAL_CAP_PERSISTENT_HANDLES is set in the Capabilities field of the SMB2 NEGOTIATE Response, the client SHOULD invoke the event as specified in [MS-SWN] section 3.2.4.1 by providing Connection.ServerName as the Netname parameter.

  • If SMB2_GLOBAL_CAP_ENCRYPTION is set in the Capabilities field of the SMB2 NEGOTIATE Response, the client MUST set Connection.SupportsEncryption to TRUE. Otherwise, it MUST be set to FALSE.

  • Connection.ServerCapabilities MUST be set to the Capabilities field of the SMB2 NEGOTIATE Response.

  • Connection.ServerSecurityMode MUST be set to the SecurityMode field of the SMB2 NEGOTIATE Response.

If the client implements the SMB 3.x dialect family and Connection.Server is not NULL, the client MUST disconnect the connection if any of the following conditions is satisfied:

  • Connection.Server.ServerGUID does not match ServerGUID in the response.

  • Connection.Server.DialectRevision does not match DialectRevision in the response.

  • Connection.Server.SecurityMode does not match SecurityMode in the response.

  • Connection.Server.Capabilities does not match Capabilities in the response.

If the client implements the SMB 3.x dialect family and Connection.Server is NULL, the client MUST set the following values:

  • Connection.Server.ServerGUID to ServerGUID in the response

  • Connection.Server.DialectRevision to DialectRevision in the response

  • Connection.Server.SecurityMode to SecurityMode in the response

  • Connection.Server.Capabilities to Capabilities in the response

If Connection.Dialect is "3.1.1", the client MUST process the negotiate context list that is specified by the response's NegotiateContextOffset and NegotiateContextCount fields as follows:

  • Processing the SMB2_PREAUTH_INTEGRITY_CAPABILITIES negotiate context:

    • If the negotiate context list does not contain exactly one SMB2_PREAUTH_INTEGRITY_CAPABILITIES negotiate context, then the client MUST return an error to the calling application.

    • If HashAlgorithmCount is not 1, then the client MUST return an error to the calling application.

    • If HashAlgorithms[0] is not one of the hash algorithms from the set of hash algorithms that the client specified in its negotiate request, then the client MUST return an error to the calling application.

    • The client MUST set Connection.PreauthIntegrityHashId to HashAlgorithms[0].

  • Processing the SMB2_ENCRYPTION_CAPABILITIES negotiate context:

    • If the client's negotiate request did not contain an SMB2_ENCRYPTION_CAPABILITIES negotiate context, then the client MUST return an error to the calling application.

    • If the negotiate context list contains more than one SMB2_ENCRYPTION_CAPABILITIES negotiate context, then the client MUST return an error to the calling application.

    • If CipherCount is not 1, then the client MUST return an error to the calling application.

    • If Ciphers[0] is not 0 or not one of the ciphers that the client specified in its negotiate request, then the client MUST return an error to the calling application.

    • The client MUST set Connection.CipherId to Ciphers[0].

    • If Connection.CipherId is nonzero, the client MUST set Connection.SupportsEncryption to TRUE. Otherwise, it MUST be set to FALSE.
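
The negotiate context checks above, as an added example that is not part of the specification text: it parses a raw context list and applies each rule, raising ValueError where the text says to return an error to the calling application. The function names are hypothetical, and the context layout (2-byte ContextType, 2-byte DataLength, 4 reserved bytes, 8-byte alignment, SaltLength after HashAlgorithmCount) and the sample IDs are taken from MS-SMB2 section 2.2.3.1, not from this page. The cipher rule is read as "Ciphers[0] must be 0 or one of the offered ciphers", which is the reading consistent with the final step handling a zero CipherId.

```python
import struct

SMB2_PREAUTH_INTEGRITY_CAPABILITIES, SMB2_ENCRYPTION_CAPABILITIES = 0x0001, 0x0002

# Constructed sample: preauth ctx (hash 0x0001, 32-byte zero salt), 2 pad bytes, cipher ctx (0x0002).
SAMPLE = struct.pack("<HHIHHH34xHHIHH", 1, 38, 0, 1, 32, 1, 2, 4, 0, 1, 2)

def parse_contexts(buf, count):
    """Split the list into (ContextType, Data) pairs; ValueError if malformed."""
    contexts, off = [], 0
    for _ in range(count):
        off = (off + 7) & ~7  # every context starts on an 8-byte boundary
        if off + 8 > len(buf):
            raise ValueError("truncated context header")
        ctype, dlen = struct.unpack_from("<HH", buf, off)  # 4 reserved bytes follow
        data = buf[off + 8:off + 8 + dlen]
        if len(data) != dlen:
            raise ValueError("truncated context data")
        contexts.append((ctype, data))
        off += 8 + dlen
    return contexts

def read_ids(data, skip):
    """Read a 16-bit count, skip `skip` bytes, then read that many 16-bit IDs."""
    try:
        (n,) = struct.unpack_from("<H", data)
        return list(struct.unpack_from("<%dH" % n, data, 2 + skip))
    except struct.error:
        raise ValueError("ID array overruns context") from None

def process_contexts(buf, count, offered_hashes, offered_ciphers):
    """Connection fields to set; ValueError = 'return an error to the caller'."""
    ctxs = parse_contexts(buf, count)
    pre = [d for t, d in ctxs if t == SMB2_PREAUTH_INTEGRITY_CAPABILITIES]
    enc = [d for t, d in ctxs if t == SMB2_ENCRYPTION_CAPABILITIES]
    if len(pre) != 1:
        raise ValueError("need exactly one preauth integrity context")
    hashes = read_ids(pre[0], 2)  # SaltLength sits between the count and the array
    if len(hashes) != 1 or hashes[0] not in offered_hashes:
        raise ValueError("bad hash algorithm selection")
    conn = {"PreauthIntegrityHashId": hashes[0]}
    if enc:
        if offered_ciphers is None or len(enc) > 1:  # None: request sent no cipher context
            raise ValueError("unsolicited or duplicate encryption context")
        ciphers = read_ids(enc[0], 0)
        if len(ciphers) != 1 or (ciphers[0] != 0 and ciphers[0] not in offered_ciphers):
            raise ValueError("bad cipher selection")
        conn.update(CipherId=ciphers[0], SupportsEncryption=ciphers[0] != 0)
    return conn
```

Calling `process_contexts(SAMPLE, 2, {0x0001}, {0x0001, 0x0002})` returns the three Connection fields; narrowing the offered cipher set to `{0x0001}` makes the same response fail.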

If Connection.Dialect is "3.1.1", the client MUST update its preauthentication integrity hash value as follows:

  • The client MUST initialize Connection.PreauthIntegrityHashValue with zero.

  • The client MUST generate a hash using the Connection.PreauthIntegrityHashId algorithm on the string constructed by concatenating Connection.PreauthIntegrityHashValue and the negotiate request message retrieved from the first entry of Connection.OutstandingRequests. The client MUST set Connection.PreauthIntegrityHashValue to the hash value generated above.

  • The client MUST generate a hash using the Connection.PreauthIntegrityHashId algorithm on the string constructed by concatenating Connection.PreauthIntegrityHashValue and the negotiate response message, including all bytes from the response's SMB2 header to the last byte received from the network. The client MUST set Connection.PreauthIntegrityHashValue to the hash value generated above.
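
The three hash steps above chained together, as an added example that is not part of the specification text. The function name is hypothetical, the mapping of ID 0x0001 to SHA-512 comes from MS-SMB2 section 2.2.3.1.1 rather than this page, "zero" is assumed to mean a digest-sized run of zero bytes, and the two messages are constructed placeholders rather than valid SMB2 packets.

```python
import hashlib

# Hash algorithm IDs as defined in MS-SMB2 section 2.2.3.1.1 (not on this page).
HASH_ALGORITHMS = {0x0001: hashlib.sha512}

# Constructed placeholder messages; real input is the exact bytes sent and received.
REQ = b"\xfeSMB" + b"constructed negotiate request"
RESP = b"\xfeSMB" + b"constructed negotiate response"

def negotiate_preauth_hash(hash_id, request, response):
    """Return Connection.PreauthIntegrityHashValue after the NEGOTIATE exchange."""
    if hash_id not in HASH_ALGORITHMS:
        raise ValueError("unsupported PreauthIntegrityHashId: %#06x" % hash_id)
    algo = HASH_ALGORITHMS[hash_id]
    # Step 1: initialize with zero (assumed: digest_size zero bytes).
    value = bytes(algo().digest_size)
    # Steps 2 and 3: fold in the request, then the response, each as
    # hash(previous value || whole message starting at its SMB2 header).
    for message in (request, response):
        value = algo(value + message).digest()
    return value

if __name__ == "__main__":
    print(negotiate_preauth_hash(0x0001, REQ, RESP).hex())
```

Because each step hashes the previous value together with the complete message, a change to any byte of either message, or swapping their order, yields a different final value.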

The client MUST continue processing, as specified in section 3.2.4.2.3.

© 2015 Microsoft