Client Request |
Description |
UCHAR WordCount; |
Count of parameter words = 0 |
USHORT ByteCount; |
Count of data bytes; min = 2 |
struct { |
|
UCHAR BufferFormat; |
0x02 -- Dialect |
UCHAR DialectName[]; |
ASCII null-terminated string |
} Dialects[]; |
The Client sends a list of dialects that it can communicate with. The response is a selection of one of those dialects (numbered 0 through n) or -1 (hex FFFF) indicating that none of the dialects were acceptable. The negotiate message is binding on the virtual circuit and must be sent. One and only one negotiate message may be sent, subsequent negotiate requests will be rejected with an error response and no action will be taken.
The protocol does not impose any particular structure to the dialect strings. Implementers of particular protocols may choose to include, for example, version numbers in the string.
If the server does not understand any of the dialect strings, or if PC NETWORK PROGRAM 1.0 is the chosen dialect, the response format is
| Server Response ============================ |
Description ======================================= |
| UCHAR WordCount; | Count of parameter words = 1 |
| USHORT DialectIndex; | Index of selected dialect |
| USHORT ByteCount; | Count of data bytes = 0 |
If the chosen dialect is greater than core up to and including LANMAN2.1, the protocol response format is
| Server Response ============================ |
Description ======================================= |
| UCHAR WordCount; | Count of parameter words = 13 |
| USHORT DialectIndex; | Index of selected dialect |
| USHORT SecurityMode; | Security mode: |
| bit 0: 0 = share, 1 = user | |
| bit 1: 1 = use challenge/response authentication | |
| USHORT MaxBufferSize; | Max transmit buffer size (>= 1024) |
| USHORT MaxMpxCount; | Max pending multiplexed requests |
| USHORT MaxNumberVcs; | Max VCs between client and server |
| USHORT RawMode; | Raw modes supported: |
| bit 0: 1 = Read Raw supported | |
| bit 1: 1 = Write Raw supported | |
| ULONG SessionKey; | Unique token identifying this session |
| SMB_TIME ServerTime; | Current time at server |
| SMB_DATE ServerDate; | Current date at server |
| USHORT ServerTimeZone; | Current time zone at server |
| USHORT EncryptionKeyLength; | MBZ if this is not LM2.1 |
| USHORT Reserved; | MBZ |
| USHORT ByteCount | Count of data bytes |
| UCHAR EncryptionKey[]; | The challenge encryption key |
| STRING PrimaryDomain[]; | The server's primary domain |
MaxBufferSize is the size of the largest message which the client can legitimately send to the server
If bit0 of the Flags field is set in the negotiate response, this indicates the server supports the SMB_COM_LOCK_AND_READ and SMB_COM_WRITE_AND_UNLOCK client requests.
If the SecurityMode field indicates the server is running in user mode, the client must send appropriate SMB_COM_SESSION_SETUP_ANDX requests before the server will allow the client to access resources. If the SecurityMode fields indicates the client should use challenge/response authentication, the client should use the authentication mechanism specified in section 2.10.
Clients should submit no more than MaxMpxCount distinct unanswered SMBs to the server when using multiplexed reads or writes (see sections 5.13 and 5.24)
Clients using the "MICROSOFT NETWORKS 1.03" dialect use a different form of raw reads than documented here, and servers are better off setting RawMode in this response to 0 for such sessions.
If the negotiated dialect is "DOS LANMAN2.1" or "LANMAN2.1", then PrimaryDomain string should be included in this response.
If the negotiated dialect is NT LM 0.12, the response format is
| Server Response ========================== |
Description ========================================= |
| UCHAR WordCount; | Count of parameter words = 17 |
| USHORT DialectIndex; | Index of selected dialect |
| UCHAR SecurityMode; | Security mode: |
| bit 0: 0 = share, 1 = user | |
| bit 1: 1 = encrypt passwords | |
| USHORT MaxMpxCount; | Max pending multiplexed requests |
| USHORT MaxNumberVcs; | Max VCs between client and server |
| ULONG MaxBufferSize; | Max transmit buffer size |
| ULONG MaxRawSize; | Maximum raw buffer size |
| ULONG SessionKey; | Unique token identifying this session |
| ULONG Capabilities; | Server capabilities |
| ULONG SystemTimeLow; | System (UTC) time of the server (low). |
| ULONG SystemTimeHigh; | System (UTC) time of the server (high). |
| USHORT ServerTimeZone; | Time zone of server (min from UTC) |
| UCHAR EncryptionKeyLength; | Length of encryption key. |
| USHORT ByteCount; | Count of data bytes |
| UCHAR EncryptionKey[]; | The challenge encryption key |
| UCHAR OemDomainName[]; | The name of the domain (in OEM chars) |
In addition to the definitions above, MaxBufferSize is the size of the largest message which the client can legitimately send to the server. If the client is using a connectionless protocol, MaxBufferSize must be set to the smaller of the server's internal buffer size and the amount of data which can be placed in a response packet.
MaxRawSize specifies the maximum message size the server can send or receive for SMB_COM_WRITE_RAW or SMB_COM_READ_RAW.
Connectionless clients must set sid to 0 in the SMB request header.
Capabilities allows the server to tell the client what it supports. The bit definitions are:
| Capability Name ==================== |
Encoding ======== |
Meaning ===================================== |
| CAP_RAW_MODE | 0x0001 | The server supports SMB_COM_READ_RAW and SMB_COM_WRITE_RAW |
| CAP_MPX_MODE | 0x0002 | The server supports SMB_COM_READ_MPX and SMB_COM_WRITE_MPX |
| CAP_UNICODE | 0x0004 | The server supports Unicode strings |
| CAP_LARGE_FILES | 0x0008 | The server supports large files with 64 bit offsets |
| CAP_NT_SMBS | 0x0010 | The server supports the SMBs particular to the NT LM 0.12 dialect |
| CAP_RPC_REMOTE_APIS | 0x0020 | The sever supports remote API requests via RPC |
| CAP_STATUS32 | 0x0040 | The server can respond with 32 bit status codes in Status.Status |
| CAP_LEVEL_II_OPLOCKS | 0x0080 | The server supports level 2 oplocks |
| CAP_LOCK_AND_READ | 0x0100 | The server supports the SMB_COM_LOCK_AND_READ SMB |
| CAP_NT_FIND | 0x0200 | |
| CAP_DFS | 0x1000 | This server is DFS aware |
| CAP_LARGE_READX | 0x4000 | The server supports SMB_COM_READ_ANDX requests which exceed the negotiated buffer size |
SUCCESS/SUCCESS
ERRSRV/ERRerror