2.2.4 SMB2 NEGOTIATE Response
The SMB2 NEGOTIATE Response packet is sent by the server to notify the client of the preferred common dialect. This response is composed of an SMB2 header, as specified in section 2.2.1, followed by this response structure.
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
3 |
|
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
StructureSize |
SecurityMode |
||||||||||||||||||||||||||||||
DialectRevision |
NegotiateContextCount/Reserved |
||||||||||||||||||||||||||||||
ServerGuid |
|||||||||||||||||||||||||||||||
... |
|||||||||||||||||||||||||||||||
... |
|||||||||||||||||||||||||||||||
... |
|||||||||||||||||||||||||||||||
Capabilities |
|||||||||||||||||||||||||||||||
MaxTransactSize |
|||||||||||||||||||||||||||||||
MaxReadSize |
|||||||||||||||||||||||||||||||
MaxWriteSize |
|||||||||||||||||||||||||||||||
SystemTime |
|||||||||||||||||||||||||||||||
... |
|||||||||||||||||||||||||||||||
ServerStartTime |
|||||||||||||||||||||||||||||||
... |
|||||||||||||||||||||||||||||||
SecurityBufferOffset |
SecurityBufferLength |
||||||||||||||||||||||||||||||
NegotiateContextOffset/Reserved2 |
|||||||||||||||||||||||||||||||
Buffer (variable) |
|||||||||||||||||||||||||||||||
... |
|||||||||||||||||||||||||||||||
Padding (variable) |
|||||||||||||||||||||||||||||||
... |
|||||||||||||||||||||||||||||||
NegotiateContextList (variable) |
|||||||||||||||||||||||||||||||
... |
StructureSize (2 bytes): The server MUST set this field to 65, indicating the size of the response structure, not including the header. The server MUST set it to this value, regardless of the number of negotiate contexts or how long Buffer[] actually is in the response being sent.
SecurityMode (2 bytes): The security mode field specifies whether SMB signing is enabled, required at the server, or both. This field MUST be constructed using the following values.
-
Value
Meaning
SMB2_NEGOTIATE_SIGNING_ENABLED
0x0001
When set, indicates that security signatures are enabled on the server.
SMB2_NEGOTIATE_SIGNING_REQUIRED
0x0002
When set, indicates that security signatures are required by the server.
DialectRevision (2 bytes): The preferred common SMB 2 Protocol dialect number from the Dialects array that is sent in the SMB2 NEGOTIATE Request (section 2.2.3) or the SMB2 wildcard revision number. The server SHOULD set this field to one of the following values.
-
Value
Meaning
0x0202
SMB 2.0.2 dialect revision number.
0x0210
SMB 2.1 dialect revision number.<20>
0x0300
SMB 3.0 dialect revision number.<21>
0x0302
SMB 3.0.2 dialect revision number.<22>
0x0311
SMB 3.1.1 dialect revision number. <23>
0x02FF
SMB2 wildcard revision number; indicates that the server implements SMB 2.1 or future dialect revisions and expects the client to send a subsequent SMB2 Negotiate request to negotiate the actual SMB 2 Protocol revision to be used. The wildcard revision number is sent only in response to a multi-protocol negotiate request with the "SMB 2.???" dialect string.<24>
NegotiateContextCount/Reserved (2 bytes): If the DialectRevision field is 0x0311, this field specifies the number of negotiate contexts in NegotiateContextList; otherwise, this field MUST NOT be used and MUST be reserved. The server SHOULD set this to 0, and the client MUST ignore it on receipt.<25>
ServerGuid (16 bytes): A globally unique identifier (GUID) that is generated by the server to uniquely identify this server. This field MUST NOT be used by a client as a secure method of identifying a server.<26>
Capabilities (4 bytes): The Capabilities field specifies protocol capabilities for the server. This field MUST be constructed using a combination of zero or more of the following values.
-
Value
Meaning
SMB2_GLOBAL_CAP_DFS
0x00000001
When set, indicates that the server supports the Distributed File System (DFS).
SMB2_GLOBAL_CAP_LEASING
0x00000002
When set, indicates that the server supports leasing. This flag is not valid for the SMB 2.0.2 dialect.
SMB2_GLOBAL_CAP_LARGE_MTU
0x00000004
When set, indicates that the server supports multi-credit operations. This flag is not valid for the SMB 2.0.2 dialect.
SMB2_GLOBAL_CAP_MULTI_CHANNEL
0x00000008
When set, indicates that the server supports establishing multiple channels for a single session. This flag is not valid for the SMB 2.0.2 and SMB 2.1 dialects. .
SMB2_GLOBAL_CAP_PERSISTENT_HANDLES
0x00000010
When set, indicates that the server supports persistent handles. This flag is not valid for the SMB 2.0.2 and SMB 2.1 dialects.
SMB2_GLOBAL_CAP_DIRECTORY_LEASING
0x00000020
When set, indicates that the server supports directory leasing. This flag is not valid for the SMB 2.0.2 and SMB 2.1 dialects.
SMB2_GLOBAL_CAP_ENCRYPTION
0x00000040
When set, indicates that the server supports encryption. This flag is valid for the SMB 3.0 and 3.0.2 dialects.
SMB2_GLOBAL_CAP_NOTIFICATIONS
0x00000080
When set, indicates that the server supports server-to-client notifications, specified in section 2.2.44. This flag is not valid for the SMB 2.0.2, 2.1, 3.0 and 3.0.2 dialects.
MaxTransactSize (4 bytes): The maximum size, in bytes, of the buffer that can be used for QUERY_INFO, QUERY_DIRECTORY, SET_INFO and CHANGE_NOTIFY operations. This field is applicable only for buffers sent by the client in SET_INFO requests, or returned from the server in QUERY_INFO, QUERY_DIRECTORY, and CHANGE_NOTIFY responses.<27>
MaxReadSize (4 bytes): The maximum size, in bytes, of the Length in an SMB2 READ Request (section 2.2.19) that the server will accept.
MaxWriteSize (4 bytes): The maximum size, in bytes, of the Length in an SMB2 WRITE Request (section 2.2.21) that the server will accept.
SystemTime (8 bytes): The system time of the SMB2 server when the SMB2 NEGOTIATE Request was processed; in FILETIME format as specified in [MS-DTYP] section 2.3.3.
ServerStartTime (8 bytes): The SMB2 server start time, in FILETIME format as specified in [MS-DTYP] section 2.3.3.
SecurityBufferOffset (2 bytes): The offset, in bytes, from the beginning of the SMB2 header to the security buffer.
SecurityBufferLength (2 bytes): The length, in bytes, of the security buffer.
NegotiateContextOffset/Reserved2 (4 bytes): If the DialectRevision field is 0x0311, then this field specifies the offset, in bytes, from the beginning of the SMB2 header to the first 8-byte aligned negotiate context in NegotiateContextList; otherwise, the server MUST set this to 0 and the client MUST ignore it on receipt.
Buffer (variable): The variable-length buffer that contains the security buffer for the response, as specified by SecurityBufferOffset and SecurityBufferLength. The buffer SHOULD contain a token as produced by the GSS protocol as specified in section 3.3.5.4. If SecurityBufferLength is 0, this field is empty and then client-initiated authentication, with an authentication protocol of the client's choice, will be used instead of server-initiated SPNEGO authentication as described in [MS-AUTHSOD] section 2.1.2.2.
Padding (variable): Optional padding between the end of the Buffer field and the first negotiate context in the NegotiateContextList so that the first negotiate context is 8-byte aligned.
NegotiateContextList (variable): If the DialectRevision field is 0x0311, a list of negotiate contexts. The first negotiate context in the list MUST appear at the byte offset indicated by the SMB2 NEGOTIATE response's NegotiateContextOffset. Subsequent negotiate contexts MUST appear at the first 8-byte aligned offset following the previous negotiate context.