On Thu, Jun 04, 2009 at 11:39:38AM -0700, Jeremy Allison wrote:
> On Thu, Jun 04, 2009 at 11:33:41AM -0700, Jeremy Allison wrote:
> > Hi all,
> > 
> > I believe there is an error in [MS-SMB2] — v20090521 in the
> > description of 2.2.4 SMB2 NEGOTIATE Response.
> > 
> > At the end of this section on page 35 it says:
> > 
> > "Buffer (variable): The variable-length buffer that contains the security 
> > buffer for the response, as specified by SecurityBufferOffset and 
> > SecurityBufferLength. The buffer MUST contain a token as produced by the 
> > GSS protocol as specified in section 3.3.5.3."
> > 
> > The "MUST" statement is incorrect. The Windows client
> > behavior is that if a null buffer is returned in this
> > field, then the client will downgrade to using raw-NTLMSSP
> > blobs for sessionsetup instead of SPNEGO wrapped blobs.
> > 
> > I can provide proof of this as a packet trace on request.
> > 
> > I think this is important to fix for the SMB2 client implementations,
> > which otherwise are forced to implement SPNEGO ASN.1 parsing.
> 
> Sorry, should have realized - there are two more "MUSTS"
> which are incorrect.
> 
> Section "2.2.5 SMB2 SESSION_SETUP Request" also has a MUST
> at the end of the section:
> 
> "Buffer (variable): A variable-length buffer that contains the security 
> buffer for the request, as specified by SecurityBufferOffset and 
> SecurityBufferLength. The buffer MUST contain a token as produced by the GSS 
> protocol as specified in section 3.3.5.5."
> 
> and also "2.2.6 SMB2 SESSION_SETUP Response" has a MUST
> at the end of the section:
> 
> "Buffer (variable): A variable-length buffer that contains the security 
> buffer for the response, as specified by SecurityBufferOffset and 
> SecurityBufferLength. The buffer MUST contain a token as produced by the GSS 
> protocol as specified in section 3.2.5.3."
> 
> The values in these buffers can be a raw NTLMSSP data
> blob instead of a GSS blob.
> 
> No need to open a new CAR, just attach these amendments
> to the existing one.

As requested, here is the wireshark capture trace showing this
behavior.

Jeremy.

Attachment: win7-raw-ntlmssp-sessionsetup.cap
Description: application/cap

_______________________________________________
cifs-protocol mailing list
[email protected]
https://lists.samba.org/mailman/listinfo/cifs-protocol
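
Added example (not part of the original message, the attached capture, or Samba's code): a sketch of how an SMB2 implementation can tell the three cases discussed above apart, namely an empty security buffer, a raw NTLMSSP blob, and a GSS/SPNEGO-wrapped token, by looking at the leading bytes. The function names and sample buffers are hypothetical and constructed; the byte signatures are the standard NTLMSSP and SPNEGO encodings, not values taken from this thread.

```python
import struct

NTLMSSP_SIG = b"NTLMSSP\x00"
SPNEGO_OID = bytes.fromhex("06062b0601050502")  # DER OID 1.3.6.1.5.5.2
NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}

def der_length(buf, pos):
    """Return (length, next_pos) for the DER length field at buf[pos]."""
    if pos >= len(buf):
        raise ValueError("truncated DER length")
    first = buf[pos]
    if first < 0x80:                      # short form
        return first, pos + 1
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        raise ValueError("unsupported or truncated DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def classify_security_buffer(buf):
    """Classify an SMB2 NEGOTIATE / SESSION_SETUP security buffer."""
    if not buf:
        return "empty"  # per the thread: Windows client then sends raw NTLMSSP
    if buf.startswith(NTLMSSP_SIG):
        if len(buf) < 12:
            return "malformed"
        (msg_type,) = struct.unpack_from("<I", buf, 8)
        return "raw-ntlmssp:" + NTLM_TYPES.get(msg_type, "UNKNOWN")
    try:
        if buf[0] == 0x60:  # GSS-API InitialContextToken, [APPLICATION 0]
            length, pos = der_length(buf, 1)
            if pos + length > len(buf):
                return "malformed"
            if buf[pos:pos + len(SPNEGO_OID)] == SPNEGO_OID:
                return "spnego:init"
            return "gss:other-mech"
        if buf[0] == 0xA1:  # SPNEGO negTokenResp, context tag [1]
            length, pos = der_length(buf, 1)
            return "spnego:resp" if pos + length <= len(buf) else "malformed"
    except ValueError:
        return "malformed"
    return "unknown"

# Constructed sample buffers (not taken from the capture attached above).
SAMPLE_RAW = NTLMSSP_SIG + struct.pack("<II", 1, 0)
SAMPLE_SPNEGO_INIT = b"\x60\x0c" + SPNEGO_OID + bytes.fromhex("a0023000")
SAMPLE_SPNEGO_RESP = bytes.fromhex("a1073005a0030a0100")
```
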
