Project

General

Profile

Actions
Copy link

Bug #11665

closed

SMB2 NEGOTIATE Security Mode handling is wrong

Added by Andrew Stormont almost 3 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Start date:
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:

Description

The SMB2 stack attempts to validate the Security Mode passed by the client by comparing it to its own Security Mode and if the two are not consistent it fails with STATUS_INVALID_PARAMETER and closes the socket:

/*
 * Negotiation itself.  First the Security Mode.
 */
secmode = SMB2_NEGOTIATE_SIGNING_ENABLED;
if (sr->sr_cfg->skc_signing_required) {
    secmode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
    /* Make sure client at least enables signing. */
    if ((s->cli_secmode & secmode) == 0) {
        sr->smb2_status = NT_STATUS_INVALID_PARAMETER;
    }
}

The Security Mode is not meant to be used this way. It is only meant as a way for the client to inform the server that it has signing enabled or requires signing. Or at least that is my interpretation of the SMB2 spec. This is also consistent with what Samba does.

Fix: https://www.illumos.org/rb/r/2287/

Also attached are the results from Protocol Test Manager version 3.19.9.0 before and after the change, and a playlist that can be used to reproduce the results.

Files

Download all files
NegotiateTestsAfter11665.txt (3.71 KB) NegotiateTestsAfter11665.txt Test results after applying the fix Andrew Stormont, 2019-10-11 03:21 PM
NegotiateTests.playlist (13 KB) NegotiateTests.playlist WPTS playlist for NEGOTIATE tests Andrew Stormont, 2019-10-11 03:21 PM
NegotiateTestsBefore11665.txt (3.71 KB) NegotiateTestsBefore11665.txt Test results prior to applying the fix Andrew Stormont, 2019-10-11 03:21 PM

Related issues

Related to illumos gate - Bug #11670: SMB2_FLAGS_SIGNED is not valid during NEGOTIATEClosed

Actions
Related to illumos gate - Bug #11659: SMB2 protocol version negotiation needs workClosedAndrew Stormont

Actions
Actions
Copy link
 #1

Updated by Andrew Stormont almost 3 years ago

  • Description updated (diff)
  • Status changed from New to Feedback
Actions
Copy link
 #3

Updated by Andrew Stormont over 2 years ago

  • Related to Bug #11670: SMB2_FLAGS_SIGNED is not valid during NEGOTIATE added
Actions
Copy link
 #4

Updated by Andrew Stormont over 2 years ago

  • Related to Bug #11659: SMB2 protocol version negotiation needs work added
Actions
Copy link
 #5

Updated by Andrew Stormont over 2 years ago

  • Status changed from Feedback to Pending RTI
Actions
Copy link
 #6

Updated by Andrew Stormont over 2 years ago

  • Description updated (diff)
Actions
Copy link
 #7

Updated by Electric Monk over 2 years ago

  • Status changed from Pending RTI to Closed
  • % Done changed from 0 to 100

git commit ebc5aadbbe5490fb3d00525924989d180fff369d

commit  ebc5aadbbe5490fb3d00525924989d180fff369d
Author: Andrew Stormont <astormont@racktopsystems.com>
Date:   2019-10-11T22:45:32.000Z

    11665 SMB2 NEGOTIATE Security Mode handling is wrong
    11659 SMB2 protocol version negotiation needs work
    11670 SMB2_FLAGS_SIGNED is not valid during NEGOTIATE
    Reviewed by: Gordon Ross <gordon.w.ross@gmail.com>
    Approved by: Dan McDonald <danmcd@joyent.com>

Actions
Copy link

Also available in: Atom PDF