Partager via


2.2.3.1 SMB Header Extensions

All client requests MUST begin with a fixed-size SMB header, as specified in [MS-CIFS] section 2.2.3.1. All server responses, with the exception of the SMB_COM_READ_RAW response message, as specified in [MS-CIFS] section 2.2.4.22.2, MUST begin with the same fixed-size SMB header.

 SMB_Header
   {
   UCHAR  Protocol[4];
   UCHAR  Command;
   SMB_ERROR Status;
   UCHAR  Flags;
   USHORT Flags2;
   USHORT PIDHigh;
   UCHAR  SecurityFeatures[8];
   USHORT Reserved;
   USHORT TID;
   USHORT PIDLow;
   USHORT UID;
   USHORT MID;
   }

The following SMB header fields contain extensions:


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

Protocol

Command

Status

...

Flags

Flags2

PIDHigh

SecurityFeatures

...

...

Reserved

TID

PIDLow

UID

MID

Flags2 (2 bytes): The Flags2 field contains individual bit flags that, depending on the negotiated SMB dialect, indicate various client and server capabilities. This field is defined as specified in [MS-CIFS] section 2.2.3.1. There are several new Flags2 values in the SMB header that are not in [MS-CIFS], but are part of these extensions. Unused bit fields SHOULD be set to zero by the sender when sending an SMB message and SHOULD<21> be ignored when received by the receiver. This field is constructed using the values listed in section 2.2.3.1 of [MS-CIFS], as well as the following additional values:

Name &  bitmask

Meaning

SMB_FLAGS2_COMPRESSED

0x0008

If set by the client, the client is requesting compressed data for an SMB_COM_READ_ANDX request. If cleared by the server, the server is notifying the client that the data was written uncompressed. This bit field SHOULD only be set to one when NT LAN Manager or later is negotiated for the SMB dialect.

SMB_FLAGS2_SMB_SECURITY_SIGNATURE_REQUIRED

0x0010

This flag SHOULD<22> be set by the client on the first SMB_COM_SESSION_SETUP_ANDX request (section 2.2.4.6.1) sent to a server that supports extended security if the client requires all further communication with this server to be signed. If the server does not support signing, it MUST disconnect the client by closing the underlying transport connection. Clients and servers MUST ignore this value for other requests and responses. If the client receives a non-signed response from the server, it MUST disconnect the underlying transport connection. This bit field SHOULD only be set to one when NT LAN Manager or later is negotiated for the SMB dialect, the client supports extended security, and the client is configured to require security signatures.

SMB_FLAGS2_IS_LONG_NAME

0x0040

If set, the path contained in the message contains long names; otherwise, the paths are restricted to 8.3 names. This bit field SHOULD only be set to one when NT LAN Manager or later is negotiated for the SMB dialect. If client sets this bit in the request, the server SHOULD<23> also set this bit in the response.

SMB_FLAGS2_REPARSE_PATH

0x0400

If set, the path in the request MUST contain an @GMT token (that is, a Previous Version token), as specified in section 2.2.1.1.1.

SMB_FLAGS2_EXTENDED_SECURITY

0x0800

Indicates that the client or server supports SPNEGO authentication, as specified in section 3.2.5.2 for client behavior and section 3.3.5.2 for server behavior. This bit field SHOULD be set to one only when NT LAN Manager or later is negotiated for the SMB dialect and the client or server supports extended security.

PIDHigh (2 bytes): This field MUST give the 2 high bytes of the process identifier (PID) if the Client.Supports32BitPIDs, as specified in section 3.2.1.1, is TRUE. Otherwise, it MUST be set to zero.