2.2.4.53.1 Request
-
SMB_Parameters { UCHAR WordCount; Words { UCHAR AndXCommand; UCHAR AndXReserved; USHORT AndXOffset; USHORT MaxBufferSize; USHORT MaxMpxCount; USHORT VcNumber; ULONG SessionKey; USHORT OEMPasswordLen; USHORT UnicodePasswordLen; ULONG Reserved; ULONG Capabilities; } } SMB_Data { USHORT ByteCount; Bytes { UCHAR OEMPassword[]; UCHAR UnicodePassword[]; UCHAR Pad[]; SMB_STRING AccountName[]; SMB_STRING PrimaryDomain[]; SMB_STRING NativeOS[]; SMB_STRING NativeLanMan[]; } }
SMB_Header:
-
-
TID (2 bytes): This field is ignored in this request.
-
UID (2 bytes): This field is ignored in this request.
-
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
3 |
|
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
SMB_Parameters (27 bytes) |
|||||||||||||||||||||||||||||||
... |
|||||||||||||||||||||||||||||||
... |
|||||||||||||||||||||||||||||||
... |
SMB_Data (variable) |
||||||||||||||||||||||||||||||
... |
SMB_Parameters (27 bytes):
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
3 |
|
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
WordCount |
Words (26 bytes) |
||||||||||||||||||||||||||||||
... |
|||||||||||||||||||||||||||||||
... |
|||||||||||||||||||||||||||||||
... |
WordCount (1 byte): The value of this field MUST be 0x0D.
Words (26 bytes):
-
-
0
1
2
3
4
5
6
7
8
91
0
1
2
3
4
5
6
7
8
92
0
1
2
3
4
5
6
7
8
93
0
1AndXCommand
AndXReserved
AndXOffset
MaxBufferSize
MaxMpxCount
VcNumber
SessionKey
...
OEMPasswordLen
UnicodePasswordLen
Reserved
...
Capabilities
...
-
AndXCommand (1 byte): This field MUST be either the command code for the next SMB command in the packet or 0xFF.
-
AndXReserved (1 byte): A reserved field. This MUST be set to 0x00 when this request is sent, and the server MUST ignore this value.
-
AndXOffset (2 bytes): This field MUST be set to the offset in bytes from the start of the SMB Header (section 2.2.3.1) to the start of the WordCount field in the next SMB command in this packet. This field is valid only if the AndXCommand field is not set to 0xFF. If AndXCommand is 0xFF, this field MUST be ignored by the server.
-
MaxBufferSize (2 bytes): The maximum size, in bytes, of the largest SMB message that the client can receive. This is the size of the largest SMB message that the server can send to the client. SMB message size includes the size of the SMB header, parameter, and data blocks.<91> This size MUST NOT include any transport-layer framing or other transport-layer data.
-
There are two exceptions to the limit imposed by the client's MaxBufferSize value.
-
-
If the CAP_RAW_MODE capability is negotiated, then the maximum size of an SMB_COM_READ_RAW command response from the server MUST be limited by the MaxRawSize value previously returned by the server in the SMB_COM_NEGOTIATE Response (section 2.2.4.52.2) message.
If the CAP_LARGE_READX capability is negotiated, the SMB_COM_READ_ANDX (section 2.2.4.42) command response MAY bypass the client's MaxBufferSize limit. There is no field in any CIFS message that indicates the maximum size of an SMB_COM_READ_ANDX if CAP_LARGE_READX is negotiated.<92>
MaxMpxCount (2 bytes): The maximum number of pending requests supported by the client. This value MUST be less than or equal to the MaxMpxCount field value provided by the server in the SMB_COM_NEGOTIATE Response.
-
-
VcNumber (2 bytes): The number of this VC (virtual circuit) between the client and the server. This field SHOULD be set to a value of 0x0000 for the first virtual circuit between the client and the server and it SHOULD be set to a unique nonzero value for each additional virtual circuit.<93>
-
SessionKey (4 bytes): The client MUST set this field to be equal to the SessionKey field in the SMB_COM_NEGOTIATE Response for this SMB connection.<94>
-
OEMPasswordLen (2 bytes): The length, in bytes, of the contents of the SMB_Data.OEMPassword field.
-
UnicodePasswordLen (2 bytes): The length, in bytes, of the contents of the SMB_Data.UnicodePassword field.
-
Reserved (4 bytes): Reserved. This field MUST be 0x00000000. The server MUST ignore the contents of this field.
-
Capabilities (4 bytes): A 32-bit field providing a set of client capability indicators. The client uses this field to report its own set of capabilities to the server. The client capabilities are a subset of the server capabilities.<95>
-
-
-
-
-
-
Name and bitmask
-
-
-
-
-
Meaning
-
-
-
-
-
CAP_RAW_MODE
-
0x00000001
-
-
-
-
-
The client supports SMB_COM_READ_RAW and SMB_COM_WRITE_RAW requests. Raw mode is not supported over connectionless transports.
-
-
-
-
-
CAP_MPX_MODE
-
0x00000002
-
-
-
-
-
The client supports SMB_COM_READ_MPX and SMB_COM_WRITE_MPX requests. MPX mode is supported only over connectionless transports.
-
-
-
-
-
CAP_UNICODE
-
0x00000004
-
-
-
-
-
The client supports UTF-16LE Unicode strings.
-
-
-
-
-
CAP_LARGE_FILES
-
0x00000008
-
-
-
-
-
The client supports 64-bit file offsets.<96>
-
-
-
-
-
CAP_NT_SMBS
-
0x00000010
-
-
-
-
-
The client supports SMB commands particular to the NT LAN Manager dialect.<97>
-
-
-
-
-
CAP_RPC_REMOTE_APIS
-
0x00000020
-
-
-
-
-
The client supports the use of Microsoft remote procedure call (MS-RPC) for remote API calls.
-
-
-
-
-
CAP_STATUS32
-
0x00000040
-
-
-
-
-
The client supports 32-bit status codes, received in the Status field of the SMB Header.
-
CAP_STATUS32 is also sometimes referred to as CAP_NT_STATUS.
-
-
-
-
-
CAP_LEVEL_II_OPLOCKS
-
0x00000080
-
-
-
-
-
The client supports level II opportunistic locks (OpLocks).
-
-
-
-
-
CAP_LOCK_AND_READ
-
0x00000100
-
-
-
-
-
The client supports the SMB_COM_LOCK_AND_READ command.
-
-
-
-
-
CAP_NT_FIND
-
0x00000200
-
-
-
-
-
The client supports the TRANS2_FIND_FIRST2, TRANS2_FIND_NEXT2, and FIND_CLOSE2 command requests.<98>
-
-
-
-
-
CAP_DFS
-
0x00001000
-
-
-
-
-
The client supports the DFS Referral Protocol, as specified in [MS-DFSC].
-
-
-
-
-
CAP_LARGE_READX
-
0x00004000
-
-
-
-
-
The client supports large read operations.
-
This capability affects the maximum size, in bytes, of the client buffer for receiving an SMB_COM_READ_ANDX response from the server.
-
When this capability is set by the client, the maximum client buffer size for receiving an SMB_COM_READ_ANDX can be up to 65,535 bytes, rather than the MaxBufferSize field.
-
-
-
-
-
-
-
SMB_Data (variable):
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
3 |
|
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ByteCount |
Bytes (variable) |
||||||||||||||||||||||||||||||
... |
ByteCount (2 bytes): The number of bytes in the SMB_Data.Bytes array, which follows.
Bytes (variable):
-
0
1
2
3
4
5
6
7
8
91
0
1
2
3
4
5
6
7
8
92
0
1
2
3
4
5
6
7
8
93
0
1OEMPassword (variable)
...
UnicodePassword (variable)
...
Pad (variable)
...
AccountName (variable)
...
PrimaryDomain (variable)
...
NativeOS (variable)
...
NativeLanMan (variable)
...
-
OEMPassword (variable): The contents of this field depends upon the authentication methods in use:
If Unicode has not been negotiated and the client sends a plaintext password, this field MUST contain the password represented in the OEM character set.
If the client uses challenge/response authentication, this field can contain a cryptographic response.
This field MAY be empty.
The OEMPassword value is an array of bytes, not a null-terminated string.
-
UnicodePassword (variable): The contents of this field depends upon the authentication methods in use:
If Unicode has been negotiated and the client sends a plaintext password, this field MUST contain the password represented in UTF-16LE Unicode.<99>
If the client uses challenge/response authentication, this field can contain a cryptographic response.
This field MAY be empty.
See section 3.2.4.2.4 for a description of authentication mechanisms used with CIFS.
If the client sends a plaintext password, then the password MUST be encoded in either OEM or Unicode characters, but not both. The value of the SMB_FLAGS2_UNICODE bit of the SMB_Header.Flags2 indicates the character encoding of the password. If a plaintext password is sent, then:
If SMB_FLAGS2_UNICODE is clear (0), the value of UnicodePasswordLen MUST be 0x0000, and the password MUST be encoded using the 8-bit OEM character set (extended ASCII).
If SMB_FLAGS2_UNICODE is set (1), the value of OEMPasswordLen MUST be 0x0000 and the password MUST be encoded using UTF-16LE Unicode. Padding MUST NOT be added to align this plaintext Unicode string to a word boundary.
-
Pad (variable): Padding bytes. If Unicode support has been enabled and SMB_FLAGS2_UNICODE is set in SMB_Header.Flags2, this field MUST contain zero (0x00) or one null padding byte as needed to ensure that the AccountName string is aligned on a 16-bit boundary. This also forces alignment of subsequent strings without additional padding.
-
AccountName (variable): The name of the account (username) with which the user authenticates.
-
PrimaryDomain (variable): A string representing the desired authentication domain. This MAY be the empty string. If SMB_FLAGS2_UNICODE is set in the Flags2 field of the SMB header of the request, this string MUST be a null-terminated array of 16-bit Unicode characters. Otherwise, this string MUST be a null-terminated array of OEM characters. If this string consists of Unicode characters, this field MUST be aligned to start on a 2-byte boundary from the start of the SMB header.
-
NativeOS (variable): A string representing the native operating system of the CIFS client. If SMB_FLAGS2_UNICODE is set in the Flags2 field of the SMB header of the request, this string MUST be a null-terminated array of 16-bit Unicode characters. Otherwise, this string MUST be a null-terminated array of OEM characters. If this string consists of Unicode characters, this field MUST be aligned to start on a 2-byte boundary from the start of the SMB header.<100>
-
NativeLanMan (variable): A string that represents the native LAN manager type of the client. If SMB_FLAGS2_UNICODE is set in the Flags2 field of the SMB header of the request, this string MUST be a null-terminated array of 16-bit Unicode characters. Otherwise, this string MUST be a null-terminated array of OEM characters. If this string consists of Unicode characters, this field MUST be aligned to start on a 2-byte boundary from the start of the SMB header.<101>