SMB_COM_NEGOTIATE
The SMB_COM_NEGOTIATE client request is used to resolve the protocol dialect for a session. The client sends a list of dialects. The server responds with the index number in the list of an acceptable dialect.
The SMB_COM_NEGOTIATE packet defines the data portion of the CIFS client request and server response packets for the command code SMB_COM_NEGOTIATE. The data portion follows immediately on the packet header, the first field, WordCount, being the same field as WordCount in the packet header SMB_Header.
| Field name | Displacement (bytes) | Length (bytes) |
|---|---|---|
| Client_Request | | |
| WordCount | 0 | 1 |
| ByteCount | 1 | 2 |
| Dialects[] | 3 | Variable |
| BufferFormat | * | 1 |
| DialectName[] | * | Variable |
| Server_Response_DialectUnknown | | |
| WordCount | 0 | 1 |
| DialectIndex | 1 | 2 |
| ByteCount | 3 | 2 |
| Server_Response_DialectLANMAN2 | | |
| WordCount | 0 | 1 |
| DialectIndex | 1 | 2 |
| SecurityMode | 3 | 2 |
| MaxTransmitBufferSize | 5 | 2 |
| MaxMpxCount | 7 | 2 |
| MaxCountVCs | 9 | 2 |
| RawMode | 11 | 2 |
| SessionKey | 13 | 4 |
| ServerTime | 17 | 16 |
| ServerDate | 33 | 16 |
| ServerTimeZone | 49 | 2 |
| EncryptionKeyLength | 51 | 2 |
| Reserved | 53 | 2 |
| ByteCount | 55 | 2 |
| EncryptionKey[] | 57 | Variable |
| PrimaryDomain[] | * | Variable |
| Server_Response_DialectNTLM | | |
| WordCount | 0 | 1 |
| DialectIndex | 1 | 2 |
| SecurityMode | 3 | 1 |
| MaxMpxCount | 4 | 2 |
| MaxCountVCs | 6 | 2 |
| MaxTransmitBufferSize | 8 | 4 |
| MaxRawSize | 12 | 4 |
| SessionKey | 16 | 4 |
| Capabilities | 20 | 4 |
| SystemTimeLow | 24 | 4 |
| SystemTimeHigh | 28 | 4 |
| ServerTimeZone | 32 | 2 |
| EncryptionKeyLength | 34 | 1 |
| EncryptionKey[] | 35 | Variable |
| OEMDomainName[] | * | Variable |
| Reserved[16] | * | 16 |
| Reserved[] | * | Variable |
Fields
Client_Request
Data type: struct
Client request data portion.
Fields, in order: WordCount, ByteCount, Dialects[]
WordCount
Data type: UCHAR
Count of parameter words. The value is 0.
ByteCount
Data type: USHORT
Count of data bytes. The value is greater than 2.
Dialects[]
Data type: struct
Array of dialects.
Fields, in order: BufferFormat, DialectName[]
BufferFormat
Data type: UCHAR
Dialect format. The value is 0x02.
DialectName[]
Data type: UCHAR
ASCII null-terminated string.
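A parser for the Client_Request data portion, given here as an added example rather than code from the original page. It checks each constraint stated in the field list and maps a server's DialectIndex back to a dialect name. The function names, the sample dialect strings and the little-endian byte order (standard for SMB integers) are assumptions not taken from the text above.

```python
import struct

BUFFER_FORMAT_DIALECT = 0x02  # BufferFormat value from the field list


def parse_negotiate_request(data: bytes) -> list[str]:
    """Return the dialect names offered by the client, in list order."""
    if len(data) < 3:
        raise ValueError("truncated: WordCount and ByteCount are missing")
    # WordCount (UCHAR) at displacement 0, ByteCount (USHORT) at displacement 1.
    word_count, byte_count = struct.unpack_from("<BH", data, 0)
    if word_count != 0:
        raise ValueError(f"WordCount must be 0, got {word_count}")
    if byte_count <= 2:
        raise ValueError("ByteCount must be greater than 2")
    if 3 + byte_count > len(data):
        raise ValueError("ByteCount runs past the end of the buffer")
    body = data[3:3 + byte_count]
    dialects, pos = [], 0
    while pos < len(body):
        if body[pos] != BUFFER_FORMAT_DIALECT:
            raise ValueError(f"BufferFormat 0x{body[pos]:02x} at data offset {pos}")
        end = body.find(b"\x00", pos + 1)
        if end == -1:
            raise ValueError("DialectName is not null-terminated")
        dialects.append(body[pos + 1:end].decode("ascii"))
        pos = end + 1
    return dialects


def selected_dialect(dialects: list[str], dialect_index: int):
    """Resolve DialectIndex; an index outside the list means no dialect was accepted."""
    return dialects[dialect_index] if 0 <= dialect_index < len(dialects) else None


# Constructed sample request offering two dialects.
_BODY = b"\x02LANMAN2.1\x00\x02NT LM 0.12\x00"
SAMPLE_REQUEST = b"\x00" + struct.pack("<H", len(_BODY)) + _BODY

if __name__ == "__main__":
    offered = parse_negotiate_request(SAMPLE_REQUEST)
    print(offered, selected_dialect(offered, 1))
```
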
Server_Response_DialectUnknown
Data type: struct
Server response data portion.
Fields, in order: WordCount, DialectIndex, ByteCount
WordCount
Data type: UCHAR
Count of parameter words. The value is 0.
DialectIndex
Data type: USHORT
A value of 0xFF indicates that none of the dialects requested were acceptable.
ByteCount
Data type: USHORT
Count of data bytes. The value is 0.
Server_Response_DialectLANMAN2
Data type: struct
Fields, in order: WordCount, DialectIndex, SecurityMode, MaxTransmitBufferSize, MaxMpxCount, MaxCountVCs, RawMode, SessionKey, ServerTime, ServerDate, ServerTimeZone, EncryptionKeyLength, Reserved, ByteCount, EncryptionKey[], PrimaryDomain[]
WordCount
Data type: UCHAR
Count of parameter words.
DialectIndex
Data type: USHORT
Index number of selected dialect.
SecurityMode
Data type: USHORT
Security mode.

| Value | Meaning |
|---|---|
| Bit0 | 0: Share mode; 1: User mode |
| Bit1 | Use challenge/response authentication |

MaxTransmitBufferSize
Data type: USHORT
Maximum size of the client transmit buffer.
MaxMpxCount
Data type: USHORT
Maximum count of pending multiplexed requests.
MaxCountVCs
Data type: USHORT
Maximum count of virtual circuits between the client and server.
RawMode
Data type: USHORT
Type of raw mode supported.

| Value | Meaning |
|---|---|
| Bit0 | Read Raw supported |
| Bit1 | Write Raw supported |

SessionKey
Data type: ULONG
Unique session identifier.
ServerTime
Data type: SMB_TIME
Current time at server.
ServerDate
Data type: SMB_DATE
Current date at server.
ServerTimeZone
Data type: USHORT
Time zone at server.
EncryptionKeyLength
Data type: USHORT
Encryption key length. This value must be 0 (zero) if the acceptable dialect is not LM2.1.
Reserved
Data type: USHORT
Reserved. The value must be 0 (zero).
ByteCount
Data type: USHORT
Count of data bytes.
EncryptionKey[]
Data type: UCHAR
Challenge encryption key.
PrimaryDomain[]
Data type: STRING
Server primary domain.
Server_Response_DialectNTLM
Data type: struct
Fields, in order: WordCount, DialectIndex, SecurityMode, MaxMpxCount, MaxCountVCs, MaxTransmitBufferSize, MaxRawSize, SessionKey, Capabilities, SystemTimeLow, SystemTimeHigh, ServerTimeZone, EncryptionKeyLength, ByteCount, EncryptionKey[], OEMDomainName[], Reserved[16], Reserved[]
WordCount
Data type: UCHAR
Count of parameter words. The value is 17.
DialectIndex
Data type: USHORT
Index of selected dialect.
SecurityMode
Data type: UCHAR
Security mode.

| Value | Meaning |
|---|---|
| Bit0 | 0: Share mode; 1: User mode |
| Bit1 | Encrypt passwords |
| Bit2 | Security signatures (SMB sequence numbers) enabled |
| Bit3 | Security signatures required |

MaxMpxCount
Data type: USHORT
Maximum count of pending multiplexed requests.
MaxCountVCs
Data type: USHORT
Maximum count of virtual circuits between the client and server.
MaxTransmitBufferSize
Data type: ULONG
Maximum size of the client transmit buffer.
MaxRawSize
Data type: ULONG
Maximum raw buffer size. This value specifies the maximum message size the server can send or receive for the commands SMB_COM_WRITE_RAW and SMB_COM_READ_RAW.
SessionKey
Data type: ULONG
Unique session identifier.
Capabilities
Data type: ULONG
Server capabilities.

| Value | Meaning |
|---|---|
| CAP_RAW_MODE 0x0001 | The server supports SMB_COM_READ_RAW and SMB_COM_WRITE_RAW. |
| CAP_MPX_MODE 0x0002 | The server supports SMB_COM_READ_MPX and SMB_COM_WRITE_MPX. |
| CAP_UNICODE 0x0004 | The server supports Unicode strings. |
| CAP_LARGE_FILES 0x0008 | The server supports large files with 64-bit offsets. |
| CAP_NT_SMBS 0x0010 | The server supports the commands particular to the NT LM 0.12 dialect. |
| CAP_RPC_REMOTE_APIS 0x0020 | The server supports remote API requests via RPC. |
| CAP_STATUS32 0x0040 | The server can respond with 32-bit status codes in Status.Status. |
| CAP_LEVEL_II_OPLOCKS 0x0080 | The server supports level 2 oplocks. |
| CAP_LOCK_AND_READ 0x0100 | The server supports the SMB_COM_LOCK_AND_READ command. |
| CAP_NT_FIND 0x0200 | |
| CAP_DFS 0x1000 | This server is DFS aware. |
| CAP_INFOLEVEL_PASSTHRU 0x2000 | The server supports NT information level requests passing through. |
| CAP_LARGE_READX 0x4000 | The server supports large reads. |
| CAP_LARGE_WRITEX 0x8000 | The server supports large writes. |
| 0x02000000 | Reserved. |
| 0x20000000 | Reserved. |
| 0x40000000 | Reserved. |
| 0x80000000 | Reserved. |

SystemTimeLow
Data type: ULONG
Low portion of the system time (UTC).
SystemTimeHigh
Data type: ULONG
Upper portion of the system time (UTC).
ServerTimeZone
Data type: USHORT
Time zone of the server.
EncryptionKeyLength
Data type: UCHAR
Length of the encryption key.
ByteCount
Data type: USHORT
Count of data bytes.
EncryptionKey[]
Data type: UCHAR
Challenge encryption key.
OEMDomainName[]
Data type: UCHAR
Name of the domain, in the OEM character set.
Reserved[16]
Data type: UCHAR
Reserved.
Reserved[]
Data type: UCHAR
Reserved.
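The fixed-length fields of Server_Response_DialectNTLM can be decoded directly from the displacements in the field table. The following is an added example, not code from the original page: it names the Capabilities bits that are set and lists which SecurityMode protections a server did not advertise. The function names, the sample values and the little-endian byte order (standard for SMB integers) are assumptions.

```python
import struct

# Fixed part of Server_Response_DialectNTLM (displacements 0-34 in the field table).
# SMB integers are little-endian on the wire.
NTLM_FIXED = struct.Struct("<BHBHHIIIIIIHB")
FIELDS = ("WordCount", "DialectIndex", "SecurityMode", "MaxMpxCount", "MaxCountVCs",
          "MaxTransmitBufferSize", "MaxRawSize", "SessionKey", "Capabilities",
          "SystemTimeLow", "SystemTimeHigh", "ServerTimeZone", "EncryptionKeyLength")
CAPABILITIES = {
    0x0001: "CAP_RAW_MODE", 0x0002: "CAP_MPX_MODE", 0x0004: "CAP_UNICODE",
    0x0008: "CAP_LARGE_FILES", 0x0010: "CAP_NT_SMBS", 0x0020: "CAP_RPC_REMOTE_APIS",
    0x0040: "CAP_STATUS32", 0x0080: "CAP_LEVEL_II_OPLOCKS", 0x0100: "CAP_LOCK_AND_READ",
    0x0200: "CAP_NT_FIND", 0x1000: "CAP_DFS", 0x2000: "CAP_INFOLEVEL_PASSTHRU",
    0x4000: "CAP_LARGE_READX", 0x8000: "CAP_LARGE_WRITEX",
}


def parse_ntlm_response(data: bytes) -> dict:
    """Decode the fixed fields and name the Capabilities bits that are set."""
    if len(data) < NTLM_FIXED.size:
        raise ValueError("truncated NTLM negotiate response")
    resp = dict(zip(FIELDS, NTLM_FIXED.unpack_from(data)))
    if resp["WordCount"] != 17:
        raise ValueError(f"WordCount must be 17, got {resp['WordCount']}")
    resp["CapabilityNames"] = [name for bit, name in CAPABILITIES.items()
                               if resp["Capabilities"] & bit]
    return resp


def audit_security_mode(mode: int) -> list[str]:
    """List the SecurityMode protections the server did not advertise."""
    checks = ((0x01, "share mode instead of user mode"),
              (0x02, "passwords not encrypted"),
              (0x04, "security signatures not enabled"),
              (0x08, "security signatures not required"))
    return [finding for bit, finding in checks if not mode & bit]


# Constructed sample: user mode with encrypted passwords, no signing, 8-byte key.
SAMPLE_RESPONSE = NTLM_FIXED.pack(17, 1, 0x03, 50, 1, 16644, 65536, 0,
                                  0x00D5, 0, 0, 0, 8)

if __name__ == "__main__":
    parsed = parse_ntlm_response(SAMPLE_RESPONSE)
    print(parsed["CapabilityNames"])
    print(audit_security_mode(parsed["SecurityMode"]))
```
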
Remarks
To authenticate, CIFS uses the standard procedures of RFC 2478 (GSS-API), which allow a client or server to call for authentication independently of the final choice of the authentication method. For CIFS, the selected authentication method is either Kerberos or NTLM.
**Windows 2000 or Windows XP:** Networked platforms, by default, call for authentication using Kerberos. Both Kerberos and NTLM Security Support Provider (SSP) authentication components are loaded at startup.
Microsoft applications do not authenticate inline but make a Security Support Provider Interface (SSPI) Negotiate call to request authentication. A Negotiate call selects the appropriate SSP component to handle the request.
**Windows 2000 and Windows XP:** Networked platforms attempt to authenticate using the Kerberos SSP. A Windows 2000 CIFS server, for example, implicitly uses Kerberos for authentication.
**Windows NT:** Standalone and older Windows NT platforms use NTLM.
The protocol does not impose any particular structure on the dialect strings. Implementers of particular protocols may choose to include, for example, version numbers in the string.
If the SecurityMode field indicates that the server is running in user mode, the client must send SMB_COM_SESSION_SETUP_ANDX requests before the server will allow the client to access resources.
If bit0 of the SMB_HeaderFlags1 field is set in the server negotiate response, the server supports the client requests SMB_COM_LOCK_AND_READ and SMB_COM_WRITE_AND_UNLOCK.