2.2.6 SMB2 SESSION_SETUP Response
The SMB2 SESSION_SETUP Response packet is sent by the server in response to an SMB2 SESSION_SETUP Request packet. This response is composed of an SMB2 header, as specified in section 2.2.1, that is followed by this response structure:
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
3 |
|
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
StructureSize |
SessionFlags |
||||||||||||||||||||||||||||||
SecurityBufferOffset |
SecurityBufferLength |
||||||||||||||||||||||||||||||
Buffer (variable) |
|||||||||||||||||||||||||||||||
... |
StructureSize (2 bytes): The server MUST set this to 9, indicating the size of the fixed part of the response structure not including the header. The server MUST set it to this value regardless of how long Buffer[] actually is in the response.
SessionFlags (2 bytes): A flags field that indicates additional information about the session. This field MUST contain either 0 or one of the following values:
-
Value
Meaning
SMB2_SESSION_FLAG_IS_GUEST
0x0001
If set, the client has been authenticated as a guest user.
SMB2_SESSION_FLAG_IS_NULL
0x0002
If set, the client has been authenticated as an anonymous user.
SMB2_SESSION_FLAG_ENCRYPT_DATA
0x0004
If set, the server requires encryption of messages on this session, per the conditions specified in section 3.3.5.2.9. This flag is only valid for the SMB 3.x dialect family.
SecurityBufferOffset (2 bytes): The offset, in bytes, from the beginning of the SMB2 header to the security buffer.
SecurityBufferLength (2 bytes): The length, in bytes, of the security buffer.
Buffer (variable): A variable-length buffer that contains the security buffer for the response, as specified by SecurityBufferOffset and SecurityBufferLength. If the server initiated authentication using SPNEGO, the buffer MUST contain a token as produced by the GSS protocol as specified in section 3.3.5.5.3. If the client initiated authentication, see section 2.2.4, the buffer SHOULD<30> contain a token as produced by an authentication protocol of the client's choice.