Domain name string in SMB Negotiate Protocol Response always unicode?

Sat Jul 23 00:13:47 GMT 2005

On Fri, 22 Jul 2005 14:34:35 -0700
Yimin Chen <ymchen at cisco.com> wrote:

> Hi,
> 
> In my testing, I noticed that
> 
> 1) in Negotiate Protocol Response from a W2K domain controller, the 
> domain and server NetBIOS names are always unicode even though flag2 in 
> SMB header indicate the string is ASCII.

I seem to recall something like this but after looking at my code for
this I see no exceptions so ...

> 2) In Session Setup Andx Response from a W2K domain controller, the 
> domain name string is indeed ASCII if flag2 indicates so.

One thing I do have an exception for is the fact the W2K at least can
return the PrimaryDomain with a truncated zero terminator if the string
is unicode. Meaning there is only one zero byte instead of two so you
must use ByteCount to limit decoding PrimaryDomain.

> Have anyone seen such behavior? Is this expected? Your clarification is 
> appreciated!

Note that negotiating "ASCII" with W2K and above is not even possible
unless you do change the client policy doing Start > Run > secpol.msc
and set "Microsoft network client: Send unencrypted passwords to connect
to third-party SMB servers" to Enabled.

Mike

>          Flags2: 0x0000
>              0... .... .... .... = Unicode Strings: Strings are ASCII
>          Primary Domain: CNBU1
>          Server: AD-TEST-1
> 
> 0000  00 02 4a 4b 00 38 00 02 b3 10 b9 22 08 00 45 00   ..JK.8....."..E.
> 0010  00 99 dc c1 40 00 80 06 9a 3b 80 6b c1 b2 80 6b   .... at ....;.k...k
> 0020  c0 d8 00 8b 63 8f 5c 7a ec d0 c2 bc dd c8 50 18   ....c.\z......P.
> 0030  ff 0f f8 d0 00 00 00 00 00 6d ff 53 4d 42 72 00   .........m.SMBr.
> 0040  00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00   ................
> 0050  00 00 00 00 f4 26 00 00 f4 26 11 06 00 03 32 00   .....&...&....2.
> 0060  01 00 04 41 00 00 00 00 01 00 00 00 00 00 fd f3   ...A............
> 0070  00 00 e0 2e d1 a3 45 7b c5 01 a4 01 08 28 00 14   ......E{.....(..
> 0080  b8 c7 57 d1 13 4e 67 43 00 4e 00 42 00 55 00 31   ..W..NgC.N.B.U.1
> 0090  00 00 00 41 00 44 00 2d 00 54 00 45 00 53 00 54   ...A.D.-.T.E.S.T
> 00a0  00 2d 00 31 00 00 00                              .-.1...