Project

General

Profile

Bug #11665

Updated by Andrew Stormont almost 3 years ago

The SMB2 stack attempts to validate the Security Mode passed is set by the client by comparing it server to its own Security Mode and if the two are not consistent it fails with STATUS_INVALID_PARAMETER and closes the socket: 
 <pre> 
 /* 
  * Negotiation itself.    First the Security Mode. 
  */ 
 secmode = SMB2_NEGOTIATE_SIGNING_ENABLED; 
 if (sr->sr_cfg->skc_signing_required) { 
	 secmode |= SMB2_NEGOTIATE_SIGNING_REQUIRED; 
	 /* Make sure client at least enables signing. */ 
	 if ((s->cli_secmode & secmode) == 0) { 
		 sr->smb2_status = NT_STATUS_INVALID_PARAMETER; 
	 } 
 } 
 </pre> 
 The Security Mode indicate whether signing is not meant to be enabled, required, or both. This is used this way.    It is only meant as a way for information purposes by the client to inform the server that it has signing enabled or requires signing.    Or at least that is my interpretation of the SMB2 spec.    This is also consistent with what Samba does. 
 for follow up requests.

Back