Project

General

Profile

Bug #11659

SMB2 protocol version negotiation needs work

Added by Andrew Stormont about 2 months ago. Updated 9 days ago.

Status:
Closed
Priority:
Normal
Category:
-
Start date:
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:

Description

No response is emitted when a NEGOTIATE request is received with dialects that are unsupported. This appears to be due to the fact that the response header is not properly initialised. The code also attempts to respond with NT_STATUS_INVALID_PARAMETER:

best_version = smb2_find_best_dialect(s, cl_versions, version_cnt);
if (best_version == 0) {
    cmn_err(CE_NOTE, "clnt %s no supported dialect",
        sr->session->ip_addr_str);
    sr->smb2_status = NT_STATUS_INVALID_PARAMETER;
    rc = -1;
    goto errout;
}

Whereas the correct response is NT_STATUS_NOT_SUPPORTED:

The server MUST select the greatest common dialect between the dialects it implements and the Dialects array of the SMB2 NEGOTIATE request. If a common dialect is not found, the server MUST fail the request with STATUS_NOT_SUPPORTED.

We also do not properly handle the cases where no dialect is given and drop the connection when we should leave it open.

This will be fixed as part of #11665.


Related issues

Related to illumos gate - Bug #11670: SMB2_FLAGS_SIGNED is not valid during NEGOTIATEClosed

Actions
Related to illumos gate - Bug #11665: SMB2 NEGOTIATE Security Mode handling is wrongClosed

Actions

History

#1

Updated by Andrew Stormont about 1 month ago

  • Description updated (diff)
#2

Updated by Andrew Stormont 18 days ago

  • Description updated (diff)
#3

Updated by Andrew Stormont 18 days ago

  • Description updated (diff)
  • Status changed from New to In Progress
  • Assignee set to Andrew Stormont
#4

Updated by Andrew Stormont 10 days ago

  • Related to Bug #11670: SMB2_FLAGS_SIGNED is not valid during NEGOTIATE added
#5

Updated by Andrew Stormont 10 days ago

  • Status changed from In Progress to Pending RTI
#6

Updated by Andrew Stormont 10 days ago

  • Related to Bug #11665: SMB2 NEGOTIATE Security Mode handling is wrong added
#7

Updated by Andrew Stormont 10 days ago

  • Description updated (diff)
#8

Updated by Electric Monk 9 days ago

  • Status changed from Pending RTI to Closed
  • % Done changed from 0 to 100

git commit ebc5aadbbe5490fb3d00525924989d180fff369d

commit  ebc5aadbbe5490fb3d00525924989d180fff369d
Author: Andrew Stormont <astormont@racktopsystems.com>
Date:   2019-10-11T22:45:32.000Z

    11665 SMB2 NEGOTIATE Security Mode handling is wrong
    11659 SMB2 protocol version negotiation needs work
    11670 SMB2_FLAGS_SIGNED is not valid during NEGOTIATE
    Reviewed by: Gordon Ross <gordon.w.ross@gmail.com>
    Approved by: Dan McDonald <danmcd@joyent.com>

Also available in: Atom PDF