Project

General

Profile

Bug #11665

SMB2 NEGOTIATE Security Mode handling is wrong

Added by Andrew Stormont 5 months ago. Updated 4 months ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Start date:
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:

Description

The SMB2 stack attempts to validate the Security Mode passed by the client by comparing it to its own Security Mode and if the two are not consistent it fails with STATUS_INVALID_PARAMETER and closes the socket:

/*
 * Negotiation itself.  First the Security Mode.
 */
secmode = SMB2_NEGOTIATE_SIGNING_ENABLED;
if (sr->sr_cfg->skc_signing_required) {
    secmode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
    /* Make sure client at least enables signing. */
    if ((s->cli_secmode & secmode) == 0) {
        sr->smb2_status = NT_STATUS_INVALID_PARAMETER;
    }
}

The Security Mode is not meant to be used this way. It is only meant as a way for the client to inform the server that it has signing enabled or requires signing. Or at least that is my interpretation of the SMB2 spec. This is also consistent with what Samba does.

Fix: https://www.illumos.org/rb/r/2287/

Also attached are the results from Protocol Test Manager version 3.19.9.0 before and after the change, and a playlist that can be used to reproduce the results.

Files

NegotiateTestsAfter11665.txt (3.71 KB) NegotiateTestsAfter11665.txt Test results after applying the fix Andrew Stormont, 2019-10-11 03:21 PM
NegotiateTests.playlist (13 KB) NegotiateTests.playlist WPTS playlist for NEGOTIATE tests Andrew Stormont, 2019-10-11 03:21 PM
NegotiateTestsBefore11665.txt (3.71 KB) NegotiateTestsBefore11665.txt Test results prior to applying the fix Andrew Stormont, 2019-10-11 03:21 PM

Related issues

Related to illumos gate - Bug #11670: SMB2_FLAGS_SIGNED is not valid during NEGOTIATEClosed

Actions
Related to illumos gate - Bug #11659: SMB2 protocol version negotiation needs workClosed

Actions

History

#1

Updated by Andrew Stormont 4 months ago

  • Description updated (diff)
  • Status changed from New to Feedback
#3

Updated by Andrew Stormont 4 months ago

  • Related to Bug #11670: SMB2_FLAGS_SIGNED is not valid during NEGOTIATE added
#4

Updated by Andrew Stormont 4 months ago

  • Related to Bug #11659: SMB2 protocol version negotiation needs work added
#5

Updated by Andrew Stormont 4 months ago

  • Status changed from Feedback to Pending RTI
#6

Updated by Andrew Stormont 4 months ago

  • Description updated (diff)
#7

Updated by Electric Monk 4 months ago

  • Status changed from Pending RTI to Closed
  • % Done changed from 0 to 100

git commit ebc5aadbbe5490fb3d00525924989d180fff369d

commit  ebc5aadbbe5490fb3d00525924989d180fff369d
Author: Andrew Stormont <astormont@racktopsystems.com>
Date:   2019-10-11T22:45:32.000Z

    11665 SMB2 NEGOTIATE Security Mode handling is wrong
    11659 SMB2 protocol version negotiation needs work
    11670 SMB2_FLAGS_SIGNED is not valid during NEGOTIATE
    Reviewed by: Gordon Ross <gordon.w.ross@gmail.com>
    Approved by: Dan McDonald <danmcd@joyent.com>

Also available in: Atom PDF