Ethereal-dev: Re: [Ethereal-dev] UNICODE and EMC Filers ...

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Tue, 4 Mar 2003 14:04:28 -0800
On Tue, Mar 04, 2003 at 02:28:03PM -0800, Richard Sharpe wrote:
> I have seen an SMB/CIFS capture from an EMC filer with some interesting 
> characteristics. The EMC CIFS guy here at Connectathon says that it is a 
> configuration issue.
> 
> However. What we are seeing is in a NegProt response. LanMan2.1 or better, 
> type 17. The Domain and Server name are clearly in UniCode. 
> 
> Flags2 says UNICODE is in use, while Capabilities says it is not! Clearly 
> one confused filer :-)
> 
> I think we should change dissect_negprot_reply to look at the flags2 field 
> rather than the capabilities field, or in addition to the capabilities 
> field.

Well, the SNIA CIFS spec:

	http://www.snia.org/tech_activities/CIFS/CIFS-TR-1p00_FINAL.pdf

says on page 21 ("33 of 150"), in the table describing the Flags2 field:

	Bit	Name: SMB_FLAGS2_	Meaning			Earliest Dialect
	15	UNICODE			If set, any fields of	NT LM 0.12
					datatype STRING in this
					SMB message are encoded
					as UNICODE. Otherwise,
					they are in ASCII. The
					character encoding for
					Unicode fields SHOULD
					be UTF-16 (little
					endian).

so that would suggest that it's the right bit to test.

However, the description of NegProt also makes one wonder how the hell
the server can claim not to support Unicode strings *in the very reply
that contains a Unicode string*.

On the other hand, that description *also* says that the OemDomainName
in an NT 0.12 NegProt response is "in OEM chars", but apparently it's
not always in OEM characters, sometimes it's in Unicode.
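
The following is an added example, not part of the original message and not Ethereal's code: a stand-alone check that reads both the Flags2 UNICODE bit and the Capabilities Unicode bit from a 17-word NegProt response and reports when they disagree, as in the capture described above. The function and struct names are hypothetical, the byte offsets assume the NT LM 0.12 response layout from the CIFS spec, and the sample packet is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SMB_COM_NEGOTIATE  0x72
#define SMB_FLAGS_REPLY    0x80      /* Flags bit 7: server-to-client */
#define SMB_FLAGS2_UNICODE 0x8000u   /* Flags2 bit 15, as in the table above */
#define CAP_UNICODE        0x0004u   /* Capabilities bit for Unicode support */
#define OFF_CAPS           52        /* 32-byte header + WordCount + 19 bytes */
#define NEGPROT17_MIN_LEN  69        /* header + WordCount + 17 words + ByteCount */

struct negprot_unicode { int flags2_unicode, cap_unicode, mismatch; };

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t *p) { return le16(p) | ((uint32_t)le16(p + 2) << 16); }

/* Returns 0 and fills *out for a 17-word NegProt response, -1 otherwise. */
int negprot_unicode_check(const uint8_t *p, size_t len, struct negprot_unicode *out)
{
    if (len < NEGPROT17_MIN_LEN || memcmp(p, "\xffSMB", 4) != 0) return -1;
    if (p[4] != SMB_COM_NEGOTIATE || !(p[9] & SMB_FLAGS_REPLY) || p[32] != 17) return -1;
    out->flags2_unicode = (le16(p + 10) & SMB_FLAGS2_UNICODE) != 0;
    out->cap_unicode    = (le32(p + OFF_CAPS) & CAP_UNICODE) != 0;
    out->mismatch       = out->flags2_unicode != out->cap_unicode;
    return 0;
}

/* Constructed sample: a zeroed 17-word response with only the fields under test set. */
void build_sample(uint8_t buf[NEGPROT17_MIN_LEN], uint16_t flags2, uint32_t caps)
{
    memset(buf, 0, NEGPROT17_MIN_LEN);
    memcpy(buf, "\xffSMB", 4);
    buf[4] = SMB_COM_NEGOTIATE; buf[9] = SMB_FLAGS_REPLY; buf[32] = 17;
    buf[10] = flags2 & 0xff; buf[11] = flags2 >> 8;
    for (int i = 0; i < 4; i++) buf[OFF_CAPS + i] = (caps >> (8 * i)) & 0xff;
}

int main(void)
{
    uint8_t pkt[NEGPROT17_MIN_LEN];
    struct negprot_unicode r;
    build_sample(pkt, SMB_FLAGS2_UNICODE, 0);   /* the filer's combination */
    if (negprot_unicode_check(pkt, sizeof pkt, &r) == 0)
        printf("flags2=%d cap=%d mismatch=%d\n", r.flags2_unicode, r.cap_unicode, r.mismatch);
    return 0;
}
```

A decoder that follows the Flags2 table quoted above would pick the string encoding from `flags2_unicode` and use `mismatch` only to flag the response as inconsistent.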