3.3.5.3.2 SMB 2.0.2 Support

The server MUST scan the dialects provided for the dialect string "SMB 2.002". If the string is present, the client understands SMB2, and the server MUST respond with an SMB2 NEGOTIATE Response. If the string is not present in the dialect list and the server also implements SMB as specified in [MS-SMB], it MUST terminate SMB2 processing on this connection and start SMB processing on this connection. If the string is not present in the dialect list and the server does not implement SMB, the server MUST disconnect the connection, as specified in section 3.3.7.1, without sending a response.

The server MUST set the command of the SMB2 header to SMB2 NEGOTIATE. All other values MUST be set following the syntax specified in section 2.2.1, and any value not defined there with a default MUST be set to 0. The header is followed by an SMB2 NEGOTIATE Response that MUST be constructed as specified in section 2.2.4, with the following specific values:

  • SecurityMode MUST have the SMB2_NEGOTIATE_SIGNING_ENABLED bit set.

  • If RequireMessageSigning is TRUE, the server MUST also set SMB2_NEGOTIATE_SIGNING_REQUIRED in the SecurityMode.

  • DialectRevision MUST be set to 0x0202.

  • ServerGuid is set to the global ServerGuid value.

  • If the server supports the Distributed File System, set the SMB2_GLOBAL_CAP_DFS bit in the Capabilities field of the negotiate response.

  • MaxTransactSize is set to the maximum buffer size,<277> in bytes, that the server will accept on this connection for QUERY_INFO, QUERY_DIRECTORY, SET_INFO, and CHANGE_NOTIFY operations. This field is applicable only for buffers sent by the client in SET_INFO requests, or returned from the server in QUERY_INFO, QUERY_DIRECTORY, and CHANGE_NOTIFY responses. Connection.MaxTransactSize MUST be set to MaxTransactSize.

  • MaxReadSize is set to the maximum size,<278> in bytes, of the Length in an SMB2 READ Request (2.2.19) that the server will accept on the transport that established this connection. Connection.MaxReadSize MUST be set to MaxReadSize.

  • MaxWriteSize is set to the maximum size,<279> in bytes, of the Length in an SMB2 WRITE Request (2.2.21) that the server will accept on the transport that established this connection. Connection.MaxWriteSize MUST be set to MaxWriteSize.

  • SystemTime is set to the current time, in FILETIME format as specified in [MS-DTYP] section 2.3.3.

  • ServerStartTime SHOULD<280> be set to zero.

  • SecurityBufferOffset is set to the offset to the Buffer field in the response in bytes from the beginning of the SMB2 header.

  • SecurityBufferLength is set to the length of the data being returned in the Buffer field.

  • Buffer is filled with a GSS token, generated as follows. Alternatively, an empty Buffer MAY be returned, which elicits client-initiated authentication with an authentication protocol of the client's choice.

The generation of the GSS token for the SMB2 NEGOTIATE Response MUST be done as specified in [MS-SPNG] section 3.2.5.2. The server MUST initialize the mechanism with the Integrity, Confidentiality, and Delegate options and use the server-initiated variation as specified in [MS-SPNG] section 3.2.5.2.

Connection.Dialect MUST be set to "2.0.2", Connection.NegotiateDialect MUST be set to 0x0202, and the response is sent to the client.

Connection.SupportsMultiCredit MUST be set to FALSE.