[cifs-protocol] New case: SRX091209600095 Trans2SetPathInfo() returns truncated SMB header

Bill Wesse billwe at microsoft.com
Wed Dec 9 13:31:28 MST 2009 

Tim - I have verified that Windows 2000 through Windows 2008 R2 & Windows 7 all behave the same way - and return the invalid level DOSError 124. This is definitely by design, as is the omission of WordCount and ByteCount.

What [CIFS] and [MS-SMB] do not detail very well is how error codes are cooked before return.

It is true that the request header.Flags2 field has SMB_FLAGS2_NT_STATUS set - which one would expect to force an NT Status return code. There are cases where this is not going to occur - Trans2SetPathInfo() with an invalid level being one of them.

There are many #defined for constants and macros in cifs.h (from the Windows Driver Kit [WDK-7]) noted in the below description - and I have included the relevant ones below.

Before I can go further with a more global description of SMB error code 'cooking', I will file a TDI to request that.

For the moment, here is what's up with Trans2SetPathInfo():

In this case - an SMB_COM_TRANSACTION2 (and I think as a consequence of the history of SMB) requesting TRANS2_SET_PATH_INFORMATION (0x06) with an invalid level per [CIFS], such as SMB_SET_FILE_END_OF_FILE_INFO (0x104) - our implementation sets the internal SMB Status to STATUS_OS2_INVALID_LEVEL (cifs.h), which is '0xC098F07C'.

This is processed as follows before appearing on the wire:

If the SrvIsSrvStatus(Status) check passes (which it should, in this case, per the included #defines from cifs.h), the error code is truncated using the SrvErrorClass(Status) macro (also from cifs.h), and the error class is set to SMB_ERR_CLASS_DOS (0x1). The SMB_FLAGS2_NT_STATUS bit is cleared in the response header.Flags2 field, and the return context is marked to omit WordCount and ByteCount.

The error equates to '01 00 7C 00' :

DOSError.ErrorClass (0x0001,   1d) : SMB_ERR_CLASS_DOS
DOSError.Error      (0x007C, 124d) : SrvErrorCode(STATUS_OS2_INVALID_LEVEL)

[CIFS]
A Common Internet File System (CIFS/1.0) Protocol Preliminary Draft
http://www.microsoft.com/about/legal/protocols/BSTD/CIFS/draft-leach-cifs-v1-spec-02.txt

[WDK-7]
Windows Driver Kit Version 7.0.0
http://www.microsoft.com/downloads/details.aspx?FamilyID=2105564e-1a9a-4bf4-8d74-ec5b52da3d00&displaylang=en

[WDKI MSDN]
Windows Driver Kit
http://msdn.microsoft.com/en-us/library/aa972908.aspx

==============================================================================
winerror.h

#define ERROR_INVALID_LEVEL              124L

==============================================================================
cifs.h

#define SrvIsSrvStatus(Status) \
    ( ((Status) & 0x1FFF0000) == SRV_STATUS_FACILITY_CODE ? TRUE : FALSE )

#define SrvErrorClass(Status) ((UCHAR)( ((Status) & 0x0000F000) >> 12 ))

#define STATUS_OS2_INVALID_LEVEL (NTSTATUS)(SRV_OS2_STATUS | ERROR_INVALID_LEVEL)

#define SrvErrorCode(Status) ((USHORT)( (Status) & 0xFFF) )

#define SMB_ERR_CLASS_DOS (UCHAR)0x01

#define SRV_STATUS_FACILITY_CODE       0x00980000L
#define SRV_SRV_STATUS                (0xC0000000L | SRV_STATUS_FACILITY_CODE)
#define SRV_DOS_STATUS                (0xC0001000L | SRV_STATUS_FACILITY_CODE)
#define SRV_SERVER_STATUS             (0xC0002000L | SRV_STATUS_FACILITY_CODE)
#define SRV_HARDWARE_STATUS           (0xC0003000L | SRV_STATUS_FACILITY_CODE)
#define SRV_WIN32_STATUS              (0xC000E000L | SRV_STATUS_FACILITY_CODE)
#define SRV_OS2_STATUS                (0xC000F000L | SRV_STATUS_FACILITY_CODE)

Regards,
Bill Wesse
MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
TEL:  +1(980) 776-8200
CELL: +1(704) 661-5438
FAX:  +1(704) 665-9606


-----Original Message-----
From: Tim Prouty [mailto:tim.prouty at isilon.com] 
Sent: Wednesday, December 09, 2009 12:24 PM
To: Bill Wesse
Cc: Jeremy Allison; cifs-protocol at samba.org; pfif at tridgell.net
Subject: Re: New case: SRX091209600095 Trans2SetPathInfo() returns truncated SMB header

Thank you Bill.  I'm looking forward to hearing the results of your  
investigation.

-Tim

On Dec 9, 2009, at 9:13 AM, Bill Wesse wrote:

> Hello Tim - I have created case SRX091209600095 to track this issue.  
> My current test setup is Ubuntu 9.10 against Windows 2008 R2. I will  
> be testing against Windows 7, Windows Vista, and Windows XP (and  
> Windows 2000 if necessary) before proceeding with any product bug  
> filings.
>
> Samba4 from: http://samba.org/~tprouty/samba.2009.12.08.tar.gz
>
> From trans2setpathinfo_against_win7_2.cap in the attached zip (using  
> Network Monitor 3.4):
>
>  Frame: Number = 39, Captured Frame Length = 244, MediaType = ETHERNET
> + Ethernet: Etype = Internet IP (IPv4),DestinationAddress: 
> [00-0C-29-84-0A-41],SourceAddress:[00-0C-29-3F-D2-D7]
> + Ipv4: Src = 10.54.159.14, Dest = 10.54.159.10, Next Protocol =  
> TCP, Packet ID = 42077, Total IP Length = 230
> + Tcp: Flags=...AP..., SrcPort=58261, DstPort=Microsoft-DS(445),  
> PayloadLen=178, Seq=2212562830 - 2212563008, Ack=108947765, Win=566
> + SMBOverTCP: Length = 174
> - Smb: C; Transact2, Set Path Info, Set File EOF Info, Path =  
> \testsfileinfo\test_sfileinfo_end_of_file.dat
>    Protocol: SMB
>    Command: Transact2 50(0x32)
>  + NTStatus: 0x0, Facility = FACILITY_SYSTEM, Severity =  
> STATUS_SEVERITY_SUCCESS, Code = (0) STATUS_SUCCESS
>  + SMBHeader: Command, TID: 0x0800, PID: 0x5935, UID: 0x0800, MID:  
> 0x0009
>  - CTransaction2:
>     WordCount: 15 (0xF)
>     TotalParameterCount: 98 (0x62)
>     TotalDataCount: 8 (0x8)
>     MaxParameterCount: 2 (0x2)
>     MaxDataCount: 0 (0x0)
>     MaxSetupCount: 0 (0x0)
>     Reserved: 0 (0x0)
>   + Flags: Do NOT disconnect TID
>     Timeout: 0 sec(s)
>     Reserved2: 0 (0x0)
>     ParameterCount: 98 (0x62)
>     ParameterOffset: 68 (0x44)
>     DataCount: 8 (0x8)
>     DataOffset: 166 (0xA6)
>     SetupCount: 1 (0x1)
>     Reserved3: 0 (0x0)
>     SubCommand: Set Path Info, 6(0x0006)
>     ByteCount: 109 (0x6D)
>     Pad1: Binary Large Object (3 Bytes)
>   - SetPathInfoParameterBlock:
>      InformationLevel: Set File EOF Info
>      padding: 0 (0x0)
>    + PathName: \testsfileinfo\test_sfileinfo_end_of_file.dat
>   + EndOfFile: 200
>
>  Frame: Number = 40, Captured Frame Length = 102, MediaType = ETHERNET
> + Ethernet: Etype = Internet IP (IPv4),DestinationAddress: 
> [00-0C-29-3F-D2-D7],SourceAddress:[00-0C-29-84-0A-41]
> + Ipv4: Src = 10.54.159.10, Dest = 10.54.159.14, Next Protocol =  
> TCP, Packet ID = 14043, Total IP Length = 88
> + Tcp: Flags=...AP..., SrcPort=Microsoft-DS(445), DstPort=58261,  
> PayloadLen=36, Seq=108947765 - 108947801, Ack=2212563008, Win=260
> + SMBOverTCP: Length = 32
> - Smb: R - DOS OS Error, (124) INVALID_LEVEL
>    Protocol: SMB
>    Command: Transact2 50(0x32)
>  + DOSError: DOS OS Error - (124) INVALID_LEVEL
>  - SMBHeader: Response, TID: 0x0800, PID: 0x5935, UID: 0x0800, MID:  
> 0x0009
>   + Flags: 136 (0x88)
>   + Flags2: 34819 (0x8803)
>     PIDHigh: 0 (0x0)
>     SecuritySignature: 0x0
>     Unused: 0 (0x0)
>     TreeID: 2048 (0x800)
>     ProcessID: 22837 (0x5935)
>     UserID: 2048 (0x800)
>     MultiplexID: 9 (0x9)
>
>
>
>
> Regards,
> Bill Wesse
> MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
> 8055 Microsoft Way
> Charlotte, NC 28273
> TEL:  +1(980) 776-8200
> CELL: +1(704) 661-5438
> FAX:  +1(704) 665-9606
>
> <Captures.zip.bin>

More information about the cifs-protocol mailing list