2.2.4.5.2.2 Non-Extended Security Response

If extended security is not being used and the NT LAN Manager dialect has been selected, then a successful response MUST take the following form. Aside from the new SMB_Parameters.Words.Capabilities bits, the additional notes to the SMB_Parameters.Words.MaxBufferSize field, and the SMB_Data.Bytes.ServerName field, all other fields are defined as specified in [MS-CIFS] section 2.2.4.52.2. The SMB_Parameters.Words.ChallengeLength field and the entire SMB_Data block are included from [MS-CIFS] to highlight the differences between the Extended and Non-Extended Security responses.

In order to determine whether the SMB_Data.Bytes.ServerName field is present, the client MUST check the SMB_Data.ByteCount field to determine whether additional data is present beyond the NULL terminator of the SMB_Data.Bytes.DomainName string.

 SMB_Parameters
   {
   UCHAR  WordCount;
   Words
     {
     USHORT   DialectIndex;
     UCHAR    SecurityMode;
     USHORT   MaxMpxCount;
     USHORT   MaxNumberVcs;
     ULONG    MaxBufferSize;
     ULONG    MaxRawSize;
     ULONG    SessionKey;
     ULONG    Capabilities;
     FILETIME SystemTime;
     SHORT    ServerTimeZone;
     UCHAR    ChallengeLength;
     }
   }
 SMB_Data
   {
   USHORT ByteCount;
   Bytes
     {
     UCHAR      Challenge[];
     SMB_STRING DomainName[];
     SMB_STRING ServerName[];
     }
   }


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

SMB_Parameters (35 bytes)

...

...

...

SMB_Data (variable)

...

SMB_Parameters (35 bytes):


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

Words (34 bytes)

...

...

...

Words (34 bytes):


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

DialectIndex

SecurityMode

MaxMpxCount

...

MaxNumberVcs

MaxBufferSize

...

MaxRawSize

...

SessionKey

...

Capabilities

...

SystemTime

...

...

ServerTimeZone

...

ChallengeLength

MaxBufferSize (4 bytes): Maximum size, in bytes, of the server buffer for receiving SMB messages. This value indicates the size of the largest SMB message that the server is capable of receiving from the client, measured from the start of the SMB header to the end of the packet. This value does not account for any underlying transport-layer packet headers and thus does not account for the size of the complete network packet.<41>

The only exceptions in which this maximum buffer size can be exceeded are:

  • When the SMB_COM_WRITE_ANDX command is used and both the client and server support the CAP_LARGE_WRITEX capability (see the Capabilities field for more information).

  • When the SMB_COM_READ_ANDX command is used and both the client and server support the CAP_LARGE_READX capability (see the Capabilities field for more information).

  • When the SMB_COM_WRITE_RAW command is used and both the client and server support the CAP_RAW_MODE capability.

Capabilities (4 bytes): A 32-bit field providing a set of server capability indicators. This bit field is used to indicate to the client which features are supported by the server. Any value not listed in the following table is unused. The server MUST set the unused bits to zero in a response and the client MUST ignore these bits.

There are several new capability bits:

  • CAP_COMPRESSED_DATA

  • CAP_DYNAMIC_REAUTH

  • CAP_EXTENDED_SECURITY

  • CAP_INFOLEVEL_PASSTHRU

  • CAP_LARGE_WRITEX

  • CAP_LWIO

  • CAP_UNIX

Any value not listed in the following table SHOULD be unused. A server SHOULD set the unused bits to zero in a response and a client MUST ignore these bits. The table of server capabilities is provided in the previous section.

ChallengeLength (1 byte): The value of this field MUST be 0x08 and is the length of the random challenge used in challenge/response authentication. This field is often referred to as EncryptionKeyLength.

SMB_Data (variable):


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

ByteCount

Bytes (variable)

...

ByteCount (2 bytes): This field MUST be greater than or equal to 0x0003.

Bytes (variable):


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

Challenge (variable)

...

DomainName (variable)

...

ServerName (variable)

...

Challenge (variable): An array of unsigned bytes that MUST be the length of the number of bytes specified in the ChallengeLength field and MUST represent the server challenge. This array MUST NOT be NULL-terminated.<42>

DomainName (variable): The name of the domain or workgroup to which the server belongs.

ServerName (variable): A variable-length, NULL-terminated Unicode string that contains the name of the Server.