SMB_COM_SESSION_SETUP_ANDX
The SMB_COM_SESSION_SETUP_ANDX client request continues the user session definition begun by an SMB_COM_NEGOTIATE request.
The SMB_COM_SESSION_SETUP_ANDX packet defines the data portion of the CIFS client request and server response packets for the command code SMB_COM_SESSION_SETUP_ANDX. The data portion immediately follows the packet header; its first field, WordCount, is the same field as WordCount in the packet header SMB_Header.
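Client_Request_PriorNTLM

| Field name | Displacement (bytes) | Length (bytes) |
|---|---|---|
| WordCount | 0 | 1 |
| AndXCommand | 1 | 1 |
| AndXReserved | 2 | 1 |
| AndXOffset | 3 | 2 |
| MaxBufferSize | 5 | 2 |
| MaxMpxCount | 7 | 2 |
| VcNumber | 9 | 2 |
| SessionKey | 11 | 4 |
| PasswordLength | 15 | 2 |
| Reserved | 17 | 4 |
| ByteCount | 21 | 2 |
| AccountPassword[] | 23 | Variable |
| AccountName[] | * | Variable |
| PrimaryDomain[] | * | Variable |
| NativeOS[] | * | Variable |
| NativeLANMan[] | * | Variable |

Server_Response_PriorNTLM

| Field name | Displacement (bytes) | Length (bytes) |
|---|---|---|
| WordCount | 0 | 1 |
| AndXCommand | 1 | 1 |
| AndXReservec | 2 | 1 |
| AndXOffset | 3 | 2 |
| Action | 5 | 2 |
| ByteCount | 7 | 2 |
| NativeOS[] | 9 | Variable |
| NativeLANMan[] | * | Variable |
| PrimaryDomain[] | * | Variable |

Client_Request_NTLM_NoESS

| Field name | Displacement (bytes) | Length (bytes) |
|---|---|---|
| WordCount | 0 | 1 |
| AndXCommand | 1 | 1 |
| AndXReserved | 2 | 1 |
| AndXOffset | 3 | 2 |
| MaxBufferSize | 5 | 2 |
| MaxMPXCount | 7 | 2 |
| VcNumber | 9 | 2 |
| SessionKey | 11 | 4 |
| CaseInsensitivePasswordlength | 15 | 2 |
| CaseSensitivePasswordLength | 17 | 2 |
| Reserved | 19 | 4 |
| Capabilities | 23 | 4 |
| ByteCount | 27 | 2 |
| CaseInsensitivePassword[] | 29 | Variable |
| CaseSensitivePassword[] | * | Variable |
| AccountName[] | * | Variable |
| PrimaryDomain[] | * | Variable |
| NativeOS[] | * | Variable |
| NativeLanMan[] | * | Variable |

Client_Request_NTLM_ESS

| Field name | Displacement (bytes) | Length (bytes) |
|---|---|---|
| WordCount | 0 | 1 |
| AndXCommand | 1 | 1 |
| AndXReserved | 2 | 1 |
| AndXOffset | 3 | 2 |
| MaxBufferSize | 5 | 2 |
| MaxMpxCount | 7 | 2 |
| VcNumber | 9 | 2 |
| SessionKey | 11 | 4 |
| SecurityBlobLength | 15 | 2 |
| Reserved | 17 | 4 |
| Capabilities | 21 | 4 |
| ByteCount | 25 | 2 |
| SecurityBlob[] | 27 | Variable |
| NativeOS[] | * | Variable |
| NativeLanMan[] | * | Variable |

Server_Response_NTLM_All

| Field name | Displacement (bytes) | Length (bytes) |
|---|---|---|
| WordCount | 0 | 1 |
| AndXCommand | 1 | 1 |
| AndXReserved | 2 | 1 |
| AndXOffset | 3 | 2 |
| Action | 5 | 2 |
| SecurityBlobLength | 7 | 2 |
| ByteCount | 9 | 2 |
| SecurityBlob[] | 11 | Variable |
| NativeOS[] | * | Variable |
| NativeLanMan[] | * | Variable |
| PrimaryDomain[] | * | Variable |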
Fields
Client_Request_PriorNTLM
Data type: struct
Layout (in packet order): WordCount, AndXCommand, AndXReserved, AndXOffset, MaxBufferSize, MaxMpxCount, VcNumber, SessionKey, PasswordLength, Reserved, ByteCount, AccountPassword[], AccountName[], PrimaryDomain[], NativeOS[], NativeLANMan[]
Client request format if the negotiated protocol is earlier than NTLM 0.12.
WordCount
Data type: UCHAR. Count of parameter words. The value is 10.
AndXCommand
Data type: UCHAR. Secondary command. If no secondary command exists, the value is 0xFF.
AndXReserved
Data type: UCHAR. Reserved. The value must be 0 (zero).
AndXOffset
Data type: USHORT. Offset in bytes to the WordCount location for the following command.
MaxBufferSize
Data type: USHORT. Client maximum buffer size.
MaxMpxCount
Data type: USHORT. Maximum count of pending multiplexed requests.
VcNumber
Data type: USHORT. VC number. If this is the first VC number, the value is 0 (zero).
SessionKey
Data type: ULONG. Session key. The value is valid only if VcNumber is non-zero.
PasswordLength
Data type: USHORT. Length of account password.
Reserved
Data type: ULONG. Reserved. The value must be 0 (zero).
ByteCount
Data type: USHORT. Count of data bytes.
AccountPassword[]
Data type: UCHAR. Account password.
AccountName[]
Data type: STRING. Name of account.
PrimaryDomain[]
Data type: STRING. Client primary domain.
NativeOS[]
Data type: STRING. Client native operating system.
NativeLANMan[]
Data type: STRING. Client native LAN Manager type.
Server_Response_PriorNTLM
Data type: struct
Layout (in packet order): WordCount, AndXCommand, AndXReservec, AndXOffset, Action, ByteCount, NativeOS[], NativeLANMan[], PrimaryDomain[]
Server response format if the negotiated protocol is earlier than NTLM 0.12.
WordCount
Data type: UCHAR. Count of parameter words. The value is 3.
AndXCommand
Data type: UCHAR. Secondary command. If no secondary command exists, the value is 0xFF.
AndXReservec
Data type: UCHAR. Reserved. The value must be 0 (zero).
AndXOffset
Data type: USHORT. Offset in bytes to the WordCount location for the following command.
Action
Data type: USHORT. Request mode.

| Value | Meaning |
|---|---|
| Bit0 | Logged in as GUEST. |

ByteCount
Data type: USHORT. Count of data bytes.
NativeOS[]
Data type: STRING. Server native operating system.
NativeLANMan[]
Data type: STRING. Server native LAN Manager type.
PrimaryDomain[]
Data type: STRING. Server primary domain.
Client_Request_NTLM_NoESS
Data type: struct
Layout (in packet order): WordCount, AndXCommand, AndXReserved, AndXOffset, MaxBufferSize, MaxMPXCount, VcNumber, SessionKey, CaseInsensitivePasswordlength, CaseSensitivePasswordLength, Reserved, Capabilities, ByteCount, CaseInsensitivePassword[], CaseSensitivePassword[], AccountName[], PrimaryDomain[], NativeOS[], NativeLanMan[]
Client request format if the negotiated protocol is NTLM 0.12 and the server does not support Extended Security.
WordCount
Data type: UCHAR. Count of parameter words. The value is 13.
AndXCommand
Data type: UCHAR. Secondary command. If no secondary command exists, the value is 0xFF.
AndXReserved
Data type: UCHAR. Reserved. The value must be 0 (zero).
AndXOffset
Data type: USHORT. Offset in bytes to the WordCount location for the following command.
MaxBufferSize
Data type: USHORT. Client maximum buffer size.
MaxMPXCount
Data type: USHORT. Maximum count of pending multiplexed requests.
VcNumber
Data type: USHORT. VC number. If this field is the first VC number, the value is zero.
SessionKey
Data type: ULONG. Session key. This value is valid only if VcNumber is non-zero.
CaseInsensitivePasswordlength
Data type: USHORT. Length of ASCII password.
CaseSensitivePasswordLength
Data type: USHORT. Length of Unicode password.
Reserved
Data type: ULONG. Reserved. The value must be 0 (zero).
Capabilities
Data type: ULONG. Client capabilities. The field may be a combination of the following values.

| Value | Meaning |
|---|---|
| CAP_UNICODE 0x0004 | Uses Unicode strings. |
| CAP_LARGE_FILES 0x0008 | Accepts 64-bit file offsets. |
| CAP_NT_SMBS 0x0010 | Understands NTLM 0.12 SMB commands. |
| CAP_STATUS32 0x0040 | Can accept 32-bit error codes in the SMB_Command_Packet_Header Status field. |
| CAP_LEVEL_II_OPLOCKS 0x0080 | Understands level II oplocks. |
| CAP_NT_FIND 0x0200 | |

ByteCount
Data type: USHORT. Count of data bytes.
CaseInsensitivePassword[]
Data type: UCHAR. Account password, in ASCII.
CaseSensitivePassword[]
Data type: UCHAR. Account password, in Unicode.
AccountName[]
Data type: STRING. Account name, in Unicode.
PrimaryDomain[]
Data type: STRING. Client primary domain, in Unicode.
NativeOS[]
Data type: STRING. Client native operating system, in Unicode.
NativeLanMan[]
Data type: STRING. Client native LAN Manager type, in Unicode.
Client_Request_NTLM_ESS
Data type: struct
Layout (in packet order): WordCount, AndXCommand, AndXReserved, AndXOffset, MaxBufferSize, MaxMpxCount, VcNumber, SessionKey, SecurityBlobLength, Reserved, Capabilities, ByteCount, SecurityBlob[], NativeOS[], NativeLanMan[]
Client request format if the negotiated protocol is NTLM 0.12 and the server supports Extended Security.
WordCount
Data type: UCHAR. Count of parameter words. The value is 12.
AndXCommand
Data type: UCHAR. Secondary command. If no secondary command exists, the value is 0xFF.
AndXReserved
Data type: UCHAR. Reserved. The value must be 0 (zero).
AndXOffset
Data type: USHORT. Offset in bytes to the WordCount location for the following command.
MaxBufferSize
Data type: USHORT. Client maximum buffer size.
MaxMpxCount
Data type: USHORT. Maximum count of pending multiplexed requests.
VcNumber
Data type: USHORT. VC number. If this field is the first VC number, the value is 0 (zero).
SessionKey
Data type: ULONG. Session key. This value is valid only if VcNumber is non-zero.
SecurityBlobLength
Data type: USHORT. Length of security BLOB.
Reserved
Data type: ULONG. Reserved. The value must be 0 (zero).
Capabilities
Data type: ULONG. Client capabilities. The value may be a combination of any of the following.

| Value | Meaning |
|---|---|
| CAP_UNICODE 0x0004 | Uses Unicode strings. |
| CAP_LARGE_FILES 0x0008 | Accepts 64-bit file offsets. |
| CAP_NT_SMBS 0x0010 | Understands NTLM 0.12 SMB commands. |
| CAP_STATUS32 0x0040 | Can accept 32-bit error codes in the SMB_Command_Packet_Header Status field. |
| CAP_LEVEL_II_OPLOCKS 0x0080 | Understands level II oplocks. |
| CAP_NT_FIND 0x0200 | |

ByteCount
Data type: USHORT. Count of data bytes.
SecurityBlob[]
Data type: UCHAR. Authentication token in RFC 2478 format.
NativeOS[]
Data type: STRING. Client native operating system, in Unicode.
NativeLanMan[]
Data type: STRING. Client native LAN Manager type, in Unicode.
Server_Response_NTLM_All
Data type: struct
Layout (in packet order): WordCount, AndXCommand, AndXReserved, AndXOffset, Action, SecurityBlobLength, ByteCount, SecurityBlob[], NativeOS[], NativeLanMan[], PrimaryDomain[]
Server response format if the negotiated protocol is NTLM 0.12.
WordCount
Data type: UCHAR. Count of parameter words. The value is 4.
AndXCommand
Data type: UCHAR. Secondary command. If no secondary command exists, the value is 0xFF.
AndXReserved
Data type: UCHAR. Reserved. The value must be 0 (zero).
AndXOffset
Data type: USHORT. Offset in bytes to the WordCount location for the following command.
Action
Data type: USHORT. Request mode.

| Value | Meaning |
|---|---|
| Bit0 | Logged in as GUEST. |

SecurityBlobLength
Data type: USHORT. Length of SecurityBlob[].
ByteCount
Data type: USHORT. Count of data bytes.
SecurityBlob[]
Data type: UCHAR. Authentication token in RFC 2478 format.
NativeOS[]
Data type: STRING. Server native operating system.
NativeLanMan[]
Data type: STRING. Server native LAN Manager type.
PrimaryDomain[]
Data type: STRING. Server primary domain.
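
The three client request layouts above are distinguished by WordCount (10, 13 or 12), so a capture parser can dispatch on that byte and check every length word against ByteCount before slicing. The Python below is an added example, not part of the original reference; it assumes `data` starts at WordCount, that integers are little-endian as in SMB, and it leaves the trailing account, domain and OS strings undecoded. The function name and the `Layout`, `Trailing` and `CapabilityNames` keys are chosen here for illustration.

```python
import struct

# Capability bits as listed on this page.
CAPS = {"CAP_UNICODE": 0x0004, "CAP_LARGE_FILES": 0x0008, "CAP_NT_SMBS": 0x0010,
        "CAP_STATUS32": 0x0040, "CAP_LEVEL_II_OPLOCKS": 0x0080, "CAP_NT_FIND": 0x0200}
COMMON = ("AndXCommand", "AndXReserved", "AndXOffset", "MaxBufferSize",
          "MaxMpxCount", "VcNumber", "SessionKey")
# WordCount -> (layout, format of the words after WordCount, remaining fixed
#               fields, variable fields sized by the leading length words)
LAYOUTS = {
    10: ("Client_Request_PriorNTLM", "<BBHHHHIHI",
         ("PasswordLength", "Reserved"), ("AccountPassword",)),
    13: ("Client_Request_NTLM_NoESS", "<BBHHHHIHHII",
         ("CaseInsensitivePasswordlength", "CaseSensitivePasswordLength",
          "Reserved", "Capabilities"),
         ("CaseInsensitivePassword", "CaseSensitivePassword")),
    12: ("Client_Request_NTLM_ESS", "<BBHHHHIHII",
         ("SecurityBlobLength", "Reserved", "Capabilities"), ("SecurityBlob",)),
}

def parse_session_setup_request(data: bytes) -> dict:
    """Parse the data portion (starting at WordCount) of a client request."""
    if not data or data[0] not in LAYOUTS:
        raise ValueError("missing or unexpected WordCount")
    layout, fmt, tail, variable = LAYOUTS[data[0]]
    bc_at = 1 + 2 * data[0]                      # displacement of ByteCount
    if len(data) < bc_at + 2:
        raise ValueError("truncated parameter words")
    out = dict(zip(COMMON + tail, struct.unpack_from(fmt, data, 1)), Layout=layout)
    (out["ByteCount"],) = struct.unpack_from("<H", data, bc_at)
    body = data[bc_at + 2:bc_at + 2 + out["ByteCount"]]
    if len(body) != out["ByteCount"]:
        raise ValueError("ByteCount exceeds the captured data")
    if out["AndXReserved"] != 0 or out["Reserved"] != 0:
        raise ValueError("reserved field is not zero")
    pos = 0
    for length_field, field in zip(tail, variable):  # length words lead `tail`
        end = pos + out[length_field]
        if end > len(body):
            raise ValueError(f"{length_field} runs past ByteCount")
        out[field], pos = body[pos:end], end
    out["Trailing"] = body[pos:]                 # strings, left undecoded
    caps = out.get("Capabilities", 0)            # absent before NTLM 0.12
    out["CapabilityNames"] = [n for n, bit in CAPS.items() if caps & bit]
    return out

# Constructed sample: WordCount 12 request with a 4-byte placeholder blob
# (not a valid token) and two trailing bytes.
SAMPLE = (struct.pack("<BBBHHHHIHIIH", 12, 0xFF, 0, 0, 4356, 50, 0, 0, 4, 0, 0x44, 6)
          + b"\x60\x02\x06\x00" + b"\x00\x00")
```
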
Remarks
To authenticate, CIFS uses the standard procedures of RFC 2478 (GSS-API), which allow a client or server to call for authentication independently of the final choice of authentication method. For CIFS, the selected authentication method is either Kerberos or NTLM. By default, networked Windows 2000 or Windows XP platforms call for authentication using Kerberos. For a Windows 2000 or Windows XP platform, both Kerberos and NTLM Security Support Provider (SSP) authentication components are loaded at startup. Microsoft applications do not authenticate inline but make a Security Support Provider Interface (SSPI) Negotiate call to request authentication. A Negotiate call selects the appropriate SSP component to handle the request. As a result, networked Windows 2000 and Windows XP platforms attempt to authenticate using the Kerberos SSP; standalone and older Windows NT platforms use NTLM. A Windows 2000 CIFS server, for example, implicitly uses Kerberos for authentication.
The following error codes may be returned:
- ERRSRV/ERRerror
- ERRSRV/ERRbadpw
- ERRSRV/ERRtoomanyuids
- ERRSRV/ERRnosupport