Bug #10909

Incorrect parameters passed to DC lead to STATUS_INVALID_INFO_CLASS

Added by Sam Zaydel 7 months ago. Updated 6 months ago.

Status: Closed
Priority: Normal
Assignee:
Category: cifs - CIFS server and client
Start date: 2019-05-03
Due date:
% Done: 100%
Estimated time:
Difficulty: Medium
Tags: needs-triage

Description

It has been observed that mounting SMB shares using mount.cifs (i.e. SAMBA client) on recent versions of Linux leads to the domain returning STATUS_INVALID_INFO_CLASS. This problem appears to be related to the domain functional level being version 2012R2, and possibly anything newer than 2008R2. The same operation with the 2008R2 functional level appears to work correctly and permits the version to be set to 1.0, 2.0 and 2.1.

History

#1

Updated by Gordon Ross 7 months ago

From Matt: This appears to be an ndrgen bug. So far I've isolated it to the difference between Windows providing an all-0 LM challenge buffer, and (Linux) mount.cifs providing a NULL LM challenge pointer. The former works, the latter adds an extraneous WORD between the NT challenge and the Validation Level, which makes it look like we're setting Validation Level to 0. (The correct '3' WORD appears as a 2-byte 'long frame' in Wireshark.)

#2

Updated by Gordon Ross 7 months ago

Also from Matt:
Currently, when a client gives us a NULL LM challenge response pointer, when we pass on this information to the DC via Netr SamLogon, two extra bytes get added after the NT challenge response and before the validation level. This screws up the server's decoding of our packet, and it reads these two zero bytes as the validation level. These bytes get added by ndrgen's padding routine, which defaults to 4-byte alignment. The solution, then, is to use 2-byte alignment for this interface. While I can't find a reference to alignment in the spec(s), several other functions in NETR use 2-byte alignment, and that solution works here, so that's what I'm going with.
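The misparse described in comments #1 and #2, as an added example that is not ndrgen output or code from the illumos tree: a toy sender pads after the NT challenge response to a chosen alignment, and a toy receiver expects the 16-bit validation level at the next 2-byte boundary. The function names, the 314-byte response length and the reduced layout (only the response bytes followed by the level) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Round off up to the next multiple of align (a power of two). */
static size_t pad_to(size_t off, size_t align)
{
	return ((off + align - 1) & ~(align - 1));
}

/*
 * Toy sender (hypothetical, not the real NETR layout): write nt_len
 * response bytes, pad to align, then a little-endian 16-bit level.
 * Returns the total number of bytes written.
 */
size_t encode_tail(uint8_t *buf, size_t nt_len, size_t align, uint16_t level)
{
	size_t off = pad_to(nt_len, align);
	memset(buf, 0xAA, nt_len);		/* constructed response bytes */
	memset(buf + nt_len, 0, off - nt_len);	/* zero padding */
	buf[off++] = (uint8_t)(level & 0xff);
	buf[off++] = (uint8_t)(level >> 8);
	return (off);
}

/* Toy receiver: expects the 16-bit level at the next 2-byte boundary. */
uint16_t decode_level(const uint8_t *buf, size_t nt_len)
{
	size_t off = pad_to(nt_len, 2);
	return ((uint16_t)(buf[off] | (buf[off + 1] << 8)));
}

/* Encode then decode; *extra gets the bytes the receiver did not consume. */
uint16_t round_trip(size_t nt_len, size_t align, uint16_t level, size_t *extra)
{
	uint8_t buf[512];	/* the toy assumes nt_len <= 508 */
	size_t n = encode_tail(buf, nt_len, align, level);
	*extra = n - (pad_to(nt_len, 2) + 2);
	return (decode_level(buf, nt_len));
}

int main(void)
{
	size_t extra;
	/* Constructed length with 314 % 4 == 2, so 4-byte padding adds 2 bytes. */
	for (size_t align = 4; align >= 2; align -= 2) {
		uint16_t seen = round_trip(314, align, 3, &extra);
		printf("align=%zu level=%u extra=%zu\n", align, seen, extra);
	}
	return (0);
}
```

With 4-byte padding the receiver reads the two pad bytes as level 0 and the real level 3 is left over as two trailing bytes; with 2-byte padding both sides agree.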

#3

Updated by Gordon Ross 7 months ago

  • Status changed from New to In Progress

#4

Updated by Electric Monk 6 months ago

  • Status changed from In Progress to Closed
  • % Done changed from 0 to 100

git commit 2849e8402eca436e7a7eca178c7ab6644a093a3e

commit  2849e8402eca436e7a7eca178c7ab6644a093a3e
Author: Matt Barden <matt.barden@nexenta.com>
Date:   2019-05-15T16:52:25.000Z

    10909 Incorrect parameters passed to DC lead to STATUS_INVALID_INFO_CLASS
    Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
    Reviewed by: Evan Layton <evan.layton@nexenta.com>
    Reviewed by: Sam Zaydel <szaydel@gmail.com>
    Approved by: Garrett D'Amore <garrett@damore.org>
