2.2.6 SMB2 SESSION_SETUP Response

  • Article

The SMB2 SESSION_SETUP Response packet is sent by the server in response to an SMB2 SESSION_SETUP Request packet. This response is composed of an SMB2 header, as specified in section 2.2.1, that is followed by this response structure:


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

StructureSize

SessionFlags

SecurityBufferOffset

SecurityBufferLength

Buffer (variable)

...

StructureSize (2 bytes): The server MUST set this to 9, indicating the size of the fixed part of the response structure not including the header. The server MUST set it to this value regardless of how long Buffer[] actually is in the response.

SessionFlags (2 bytes): A flags field that indicates additional information about the session. This field MUST contain either 0 or one of the following values:

Value

Meaning

SMB2_SESSION_FLAG_IS_GUEST

0x0001

If set, the client has been authenticated as a guest user.

SMB2_SESSION_FLAG_IS_NULL

0x0002

If set, the client has been authenticated as an anonymous user.

SMB2_SESSION_FLAG_ENCRYPT_DATA

0x0004

If set, the server requires encryption of messages on this session, per the conditions specified in section 3.3.5.2.9. This flag is only valid for the SMB 3.x dialect family.

SecurityBufferOffset (2 bytes): The offset, in bytes, from the beginning of the SMB2 header to the security buffer.

SecurityBufferLength (2 bytes): The length, in bytes, of the security buffer.

Buffer (variable): A variable-length buffer that contains the security buffer for the response, as specified by SecurityBufferOffset and SecurityBufferLength. If the server initiated authentication using SPNEGO, the buffer MUST contain a token as produced by the GSS protocol as specified in section 3.3.5.5.3. If the client initiated authentication, see section 2.2.4, the buffer SHOULD<30> contain a token as produced by an authentication protocol of the client's choice.