Actions
Bug #11665
closedSMB2 NEGOTIATE Security Mode handling is wrong
Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Start date:
Due date:
% Done:
100%
Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:
Description
The SMB2 stack attempts to validate the Security Mode passed by the client by comparing it to its own Security Mode and if the two are not consistent it fails with STATUS_INVALID_PARAMETER and closes the socket:
/* * Negotiation itself. First the Security Mode. */ secmode = SMB2_NEGOTIATE_SIGNING_ENABLED; if (sr->sr_cfg->skc_signing_required) { secmode |= SMB2_NEGOTIATE_SIGNING_REQUIRED; /* Make sure client at least enables signing. */ if ((s->cli_secmode & secmode) == 0) { sr->smb2_status = NT_STATUS_INVALID_PARAMETER; } }
The Security Mode is not meant to be used this way. It is only meant as a way for the client to inform the server that it has signing enabled or requires signing. Or at least that is my interpretation of the SMB2 spec. This is also consistent with what Samba does.
Fix: https://www.illumos.org/rb/r/2287/
Also attached are the results from Protocol Test Manager version 3.19.9.0 before and after the change, and a playlist that can be used to reproduce the results.
Files
Related issues
Updated by Andrew Stormont almost 3 years ago
- Description updated (diff)
- Status changed from New to Feedback
Updated by Andrew Stormont over 2 years ago
Updated by Andrew Stormont over 2 years ago
- Related to Bug #11670: SMB2_FLAGS_SIGNED is not valid during NEGOTIATE added
Updated by Andrew Stormont over 2 years ago
- Related to Bug #11659: SMB2 protocol version negotiation needs work added
Updated by Andrew Stormont over 2 years ago
- Status changed from Feedback to Pending RTI
Updated by Electric Monk over 2 years ago
- Status changed from Pending RTI to Closed
- % Done changed from 0 to 100
git commit ebc5aadbbe5490fb3d00525924989d180fff369d
commit ebc5aadbbe5490fb3d00525924989d180fff369d Author: Andrew Stormont <astormont@racktopsystems.com> Date: 2019-10-11T22:45:32.000Z 11665 SMB2 NEGOTIATE Security Mode handling is wrong 11659 SMB2 protocol version negotiation needs work 11670 SMB2_FLAGS_SIGNED is not valid during NEGOTIATE Reviewed by: Gordon Ross <gordon.w.ross@gmail.com> Approved by: Dan McDonald <danmcd@joyent.com>
Actions