SMB_COM_SESSION_SETUP_ANDX

The SMB_COM_SESSION_SETUP_ANDX client request continues the user session definition begun by an SMB_COM_NEGOTIATE request.

The SMB_COM_SESSION_SETUP_ANDX packet defines the data portion of the CIFS client request and server response packets for the command code SMB_COM_SESSION_SETUP_ANDX. The data portion immediately follows the packet header; its first field, WordCount, is the same field as WordCount in the packet header SMB_Header.

Field name                      Displacement   Length
                                (bytes)        (bytes)
Client_Request_PriorNTLM
WordCount                       0              1
AndXCommand                     1              1
AndXReserved                    2              1
AndXOffset                      3              2
MaxBufferSize                   5              2
MaxMpxCount                     7              2
VcNumber                        9              2
SessionKey                      11             4
PasswordLength                  15             2
Reserved                        17             4
ByteCount                       21             2
AccountPassword[]               23             Variable
AccountName[]                   *              Variable
PrimaryDomain[]                 *              Variable
NativeOS[]                      *              Variable
NativeLANMan[]                  *              Variable
Server_Response_PriorNTLM
WordCount                       0              1
AndXCommand                     1              1
AndXReserved                    2              1
AndXOffset                      3              2
Action                          5              2
ByteCount                       7              2
NativeOS[]                      9              Variable
NativeLANMan[]                  *              Variable
PrimaryDomain[]                 *              Variable
Client_Request_NTLM_NoESS
WordCount                       0              1
AndXCommand                     1              1
AndXReserved                    2              1
AndXOffset                      3              2
MaxBufferSize                   5              2
MaxMPXCount                     7              2
VcNumber                        9              2
SessionKey                      11             4
CaseInsensitivePasswordlength   15             2
CaseSensitivePasswordLength     17             2
Reserved                        19             4
Capabilities                    23             4
ByteCount                       27             2
CaseInsensitivePassword[]       29             Variable
CaseSensitivePassword[]         *              Variable
AccountName[]                   *              Variable
PrimaryDomain[]                 *              Variable
NativeOS[]                      *              Variable
NativeLanMan[]                  *              Variable
Client_Request_NTLM_ESS
WordCount                       0              1
AndXCommand                     1              1
AndXReserved                    2              1
AndXOffset                      3              2
MaxBufferSize                   5              2
MaxMpxCount                     7              2
VcNumber                        9              2
SessionKey                      11             4
SecurityBlobLength              15             2
Reserved                        17             4
Capabilities                    21             4
ByteCount                       25             2
SecurityBlob[]                  27             Variable
NativeOS[]                      *              Variable
NativeLanMan[]                  *              Variable
Server_Response_NTLM_All
WordCount                       0              1
AndXCommand                     1              1
AndXReserved                    2              1
AndXOffset                      3              2
Action                          5              2
SecurityBlobLength              7              2
ByteCount                       9              2
SecurityBlob[]                  11             Variable
NativeOS[]                      *              Variable
NativeLanMan[]                  *              Variable
PrimaryDomain[]                 *              Variable

Fields

  • Client_Request_PriorNTLM

    Field order: WordCount, AndXCommand, AndXReserved, AndXOffset, MaxBufferSize, MaxMpxCount, VcNumber, SessionKey, PasswordLength, Reserved, ByteCount, AccountPassword[], AccountName[], PrimaryDomain[], NativeOS[], NativeLANMan[]

    Data type: struct

    Client request format if the negotiated protocol is earlier than NTLM 0.12.

    • WordCount
      Data type: UCHAR

      Count of parameter words. The value is 10.

    • AndXCommand
      Data type: UCHAR

      Secondary command. If no secondary command exists, the value is 0xFF.

    • AndXReserved
      Data type: UCHAR

      Reserved. The value must be 0 (zero).

    • AndXOffset
      Data type: USHORT

      Offset in bytes to the WordCount location for the following command.

    • MaxBufferSize
      Data type: USHORT

      Client maximum buffer size.

    • MaxMpxCount
      Data type: USHORT

      Maximum count of pending multiplexed requests.

    • VcNumber
      Data type: USHORT

      VC number. If this is the first VC number, the value is 0 (zero).

    • SessionKey
      Data type: ULONG

      Session key. The value is valid only if VcNumber is non-zero.

    • PasswordLength
      Data type: USHORT

      Length of account password.

    • Reserved
      Data type: ULONG

      Reserved. The value must be 0 (zero).

    • ByteCount
      Data type: USHORT

      Count of data bytes.

    • AccountPassword[]
      Data type: UCHAR

      Account password.

    • AccountName[]
      Data type: STRING

      Name of account.

    • PrimaryDomain[]
      Data type: STRING

      Client primary domain.

    • NativeOS[]
      Data type: STRING

      Client native operating system.

    • NativeLANMan[]
      Data type: STRING

      Client native LAN Manager type.

  • Server_Response_PriorNTLM

    Field order: WordCount, AndXCommand, AndXReserved, AndXOffset, Action, ByteCount, NativeOS[], NativeLANMan[], PrimaryDomain[]

    Data type: struct

    Server response format if the negotiated protocol is earlier than NTLM 0.12.

    • WordCount
      Data type: UCHAR

      Count of parameter words. The value is 3.

    • AndXCommand
      Data type: UCHAR

      Secondary command. If no secondary command exists, the value is 0xFF.

    • AndXReserved
      Data type: UCHAR

      Reserved. The value must be 0 (zero).

    • AndXOffset
      Data type: USHORT

      Offset in bytes to the WordCount location for the following command.

    • Action
      Data type: USHORT

      Request mode.

      Value   Meaning
      Bit0    Logged in as GUEST.

    • ByteCount
      Data type: USHORT

      Count of data bytes.

    • NativeOS[]
      Data type: STRING

      Server native operating system.

    • NativeLANMan[]
      Data type: STRING

      Server native LAN Manager type.

    • PrimaryDomain[]
      Data type: STRING

      Server primary domain.

  • Client_Request_NTLM_NoESS

    Field order: WordCount, AndXCommand, AndXReserved, AndXOffset, MaxBufferSize, MaxMPXCount, VcNumber, SessionKey, CaseInsensitivePasswordlength, CaseSensitivePasswordLength, Reserved, Capabilities, ByteCount, CaseInsensitivePassword[], CaseSensitivePassword[], AccountName[], PrimaryDomain[], NativeOS[], NativeLanMan[]

    Data type: struct

    Client request format if the negotiated protocol is NTLM 0.12 and the server does not support Extended Security.

    • WordCount
      Data type: UCHAR

      Count of parameter words. The value is 13.

    • AndXCommand
      Data type: UCHAR

      Secondary command. If no secondary command exists, the value is 0xFF.

    • AndXReserved
      Data type: UCHAR

      Reserved. The value must be 0 (zero).

    • AndXOffset
      Data type: USHORT

      Offset in bytes to the WordCount location for the following command.

    • MaxBufferSize
      Data type: USHORT

      Client maximum buffer size.

    • MaxMPXCount
      Data type: USHORT

      Maximum count of pending multiplexed requests.

    • VcNumber
      Data type: USHORT

      VC number. If this field is the first VC number, the value is zero.

    • SessionKey
      Data type: ULONG

      Session key. This value is valid only if VcNumber is non-zero.

    • CaseInsensitivePasswordlength
      Data type: USHORT

      Length of ASCII password.

    • CaseSensitivePasswordLength
      Data type: USHORT

      Length of Unicode password.

    • Reserved
      Data type: ULONG

      Reserved. The value must be 0 (zero).

    • Capabilities
      Data type: ULONG

      Client capabilities. The field may be a combination of the following values.

      Value                           Meaning
      CAP_UNICODE (0x0004)            Uses Unicode strings.
      CAP_LARGE_FILES (0x0008)        Accepts 64-bit file offsets.
      CAP_NT_SMBS (0x0010)            Understands NTLM 0.12 SMB commands.
      CAP_STATUS32 (0x0040)           Can accept 32-bit error codes in the SMB_Command_Packet_Header Status field.
      CAP_LEVEL_II_OPLOCKS (0x0080)   Understands level II oplocks.
      CAP_NT_FIND (0x0200)

    • ByteCount
      Data type: USHORT

      Count of data bytes.

    • CaseInsensitivePassword[]
      Data type: UCHAR

      Account password, in ASCII.

    • CaseSensitivePassword[]
      Data type: UCHAR

      Account password, in Unicode.

    • AccountName[]
      Data type: STRING

      Account name, in Unicode.

    • PrimaryDomain[]
      Data type: STRING

      Client primary domain, in Unicode.

    • NativeOS[]
      Data type: STRING

      Client native operating system, in Unicode.

    • NativeLanMan[]
      Data type: STRING

      Client native LAN Manager type, in Unicode.

  • Client_Request_NTLM_ESS

    Field order: WordCount, AndXCommand, AndXReserved, AndXOffset, MaxBufferSize, MaxMpxCount, VcNumber, SessionKey, SecurityBlobLength, Reserved, Capabilities, ByteCount, SecurityBlob[], NativeOS[], NativeLanMan[]

    Data type: struct

    Client request format if the negotiated protocol is NTLM 0.12 and the server supports Extended Security.

    • WordCount
      Data type: UCHAR

      Count of parameter words. The value is 12.

    • AndXCommand
      Data type: UCHAR

      Secondary command. If no secondary command exists, the value is 0xFF.

    • AndXReserved
      Data type: UCHAR

      Reserved. The value must be 0 (zero).

    • AndXOffset
      Data type: USHORT

      Offset in bytes to the WordCount location for the following command.

    • MaxBufferSize
      Data type: USHORT

      Client maximum buffer size.

    • MaxMpxCount
      Data type: USHORT

      Maximum count of pending multiplexed requests.

    • VcNumber
      Data type: USHORT

      VC number. If this field is the first VC number, the value is 0 (zero).

    • SessionKey
      Data type: ULONG

      Session key. This value is valid only if VcNumber is non-zero.

    • SecurityBlobLength
      Data type: USHORT

      Length of security BLOB.

    • Reserved
      Data type: ULONG

      Reserved. The value must be 0 (zero).

    • Capabilities
      Data type: ULONG

      Client capabilities. The value may be a combination of any of the following.

      Value                           Meaning
      CAP_UNICODE (0x0004)            Uses Unicode strings.
      CAP_LARGE_FILES (0x0008)        Accepts 64-bit file offsets.
      CAP_NT_SMBS (0x0010)            Understands NTLM 0.12 SMB commands.
      CAP_STATUS32 (0x0040)           Can accept 32-bit error codes in the SMB_Command_Packet_Header Status field.
      CAP_LEVEL_II_OPLOCKS (0x0080)   Understands level II oplocks.
      CAP_NT_FIND (0x0200)

    • ByteCount
      Data type: USHORT

      Count of data bytes.

    • SecurityBlob[]
      Data type: UCHAR

      Authentication token in RFC 2478 format.

    • NativeOS[]
      Data type: STRING

      Client native operating system, in Unicode.

    • NativeLanMan[]
      Data type: STRING

      Client native LAN Manager type, in Unicode.

  • Server_Response_NTLM_All

    Field order: WordCount, AndXCommand, AndXReserved, AndXOffset, Action, SecurityBlobLength, ByteCount, SecurityBlob[], NativeOS[], NativeLanMan[], PrimaryDomain[]

    Data type: struct

    Server response format if the negotiated protocol is NTLM 0.12.

    • WordCount
      Data type: UCHAR

      Count of parameter words. The value is 4.

    • AndXCommand
      Data type: UCHAR

      Secondary command. If no secondary command exists, the value is 0xFF.

    • AndXReserved
      Data type: UCHAR

      Reserved. The value must be 0 (zero).

    • AndXOffset
      Data type: USHORT

      Offset in bytes to the WordCount location for the following command.

    • Action
      Data type: USHORT

      Request mode.

      Value Meaning
      Bit0 Logged in as GUEST.

    • SecurityBlobLength
      Data type: USHORT

      Length of SecurityBlob[].

    • ByteCount
      Data type: USHORT

      Count of data bytes.

    • SecurityBlob[]
      Data type: UCHAR

      Authentication token in RFC 2478 format.

    • NativeOS[]
      Data type: STRING

      Server native operating system.

    • NativeLanMan[]
      Data type: STRING

      Server native LAN Manager type.

    • PrimaryDomain[]
      Data type: STRING

      Server primary domain.
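
The three client request layouts above can be told apart by their WordCount values (10, 13, 12). The parser below is an added example, not part of the original reference: it unpacks the fixed fields at the listed displacements and rejects a request whose reserved fields are non-zero or whose declared lengths do not fit inside ByteCount or the received buffer. Assumptions: little-endian byte order (the page does not state it), the field name MaxMpxCount used for all three layouts, and the hypothetical names `parse_session_setup_request`, `VARIANTS`, `CAPS` and `SAMPLE_ESS`.

```python
import struct

COMMON = ("WordCount", "AndXCommand", "AndXReserved", "AndXOffset",
          "MaxBufferSize", "MaxMpxCount", "VcNumber", "SessionKey")
# WordCount -> (struct, format tail, field tail, (length field, array) pairs)
VARIANTS = {
    10: ("Client_Request_PriorNTLM", "HIH",
         ("PasswordLength", "Reserved", "ByteCount"),
         (("PasswordLength", "AccountPassword[]"),)),
    13: ("Client_Request_NTLM_NoESS", "HHIIH",
         ("CaseInsensitivePasswordlength", "CaseSensitivePasswordLength",
          "Reserved", "Capabilities", "ByteCount"),
         (("CaseInsensitivePasswordlength", "CaseInsensitivePassword[]"),
          ("CaseSensitivePasswordLength", "CaseSensitivePassword[]"))),
    12: ("Client_Request_NTLM_ESS", "HIIH",
         ("SecurityBlobLength", "Reserved", "Capabilities", "ByteCount"),
         (("SecurityBlobLength", "SecurityBlob[]"),)),
}
CAPS = {0x0004: "CAP_UNICODE", 0x0008: "CAP_LARGE_FILES", 0x0010: "CAP_NT_SMBS",
        0x0040: "CAP_STATUS32", 0x0080: "CAP_LEVEL_II_OPLOCKS", 0x0200: "CAP_NT_FIND"}

def parse_session_setup_request(data: bytes) -> dict:
    """Parse a client request data portion, starting at WordCount."""
    if not data or data[0] not in VARIANTS:
        raise ValueError("unexpected WordCount")
    name, tail_fmt, tail_names, arrays = VARIANTS[data[0]]
    # "<" (little-endian) is an assumption; the page does not state byte order.
    fixed = struct.Struct("<BBBHHHHI" + tail_fmt)
    if len(data) < fixed.size:
        raise ValueError("truncated fixed part")
    f = dict(zip(COMMON + tail_names, fixed.unpack_from(data)))
    if f["AndXReserved"] != 0 or f["Reserved"] != 0:
        raise ValueError("reserved field is not zero")
    end = fixed.size + f["ByteCount"]
    if end > len(data):
        raise ValueError("ByteCount runs past the end of the buffer")
    pos = fixed.size
    for length_field, array in arrays:
        if pos + f[length_field] > end:
            raise ValueError(length_field + " exceeds ByteCount")
        f[array] = data[pos:pos + f[length_field]]
        pos += f[length_field]
    f["Strings"] = data[pos:end]  # remaining STRING fields, left undecoded
    f["Struct"] = name
    f["CapabilityNames"] = [n for b, n in CAPS.items() if f.get("Capabilities", 0) & b]
    return f

# Constructed sample: Extended Security request with a 4-byte placeholder blob.
SAMPLE_ESS = struct.pack("<BBBHHHHIHIIH", 12, 0xFF, 0, 0, 4356, 50, 0, 0,
                         4, 0, 0x0004 | 0x0040, 6) + b"BLOB" + b"\x00\x00"
```

Calling `parse_session_setup_request(SAMPLE_ESS)` returns the fixed fields by name plus the sliced `SecurityBlob[]`; raising SecurityBlobLength above ByteCount in the same buffer makes the call raise `ValueError`.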

Remarks

To authenticate, CIFS uses the standard procedures of RFC 2478 (GSS-API), which allow a client or server to call for authentication independently of the final choice of authentication method. For CIFS, the selected authentication method is either Kerberos or NTLM. By default, networked Windows 2000 or Windows XP platforms call for authentication using Kerberos. For a Windows 2000 or Windows XP platform, both Kerberos and NTLM Security Support Provider (SSP) authentication components are loaded at startup. Microsoft applications do not authenticate inline but make a Security Support Provider Interface (SSPI) Negotiate call to request authentication. A Negotiate call selects the appropriate SSP component to handle the request. As a result, networked Windows 2000 and Windows XP platforms attempt to authenticate using the Kerberos SSP; standalone and older Windows NT platforms use NTLM. A Windows 2000 CIFS server, for example, implicitly uses Kerberos for authentication.

The following error codes may be returned:

  • ERRSRV/ERRerror
  • ERRSRV/ERRbadpw
  • ERRSRV/ERRtoomanyuids
  • ERRSRV/ERRnosupport

See Also

Royalty-Free CIFS Technical Reference License Agreement