[cifs-protocol] [Pfif] CAR: Error in SMB2 Netprot description.

Jeremy Allison jra at samba.org
Thu Jun 4 18:33:41 GMT 2009

Hi all,

I believe there is an error in [MS-SMB2] — v20090521 in the
description of 2.2.4 SMB2 NEGOTIATE Response.

At the end of this section on page 35 it says:

"Buffer (variable): The variable-length buffer that contains the security buffer for the response, as specified by SecurityBufferOffset and SecurityBufferLength. The buffer MUST contain a token as produced by the GSS protocol as specified in section"

The "MUST" statement is incorrect. The Windows client
behavior is that if a null buffer is returned in this
field, then the client will downgrade to using raw-NTLMSSP
blobs for sessionsetup instead of SPNEGO wrapped blobs.

I can provide proof of this as a packet trace on request.

I think this is important to fix for the SMB2 client implementations,
which otherwise are forced to implement SPNEGO ASN.1 parsing.

Jeremy Allison,
Samba Team/Pfif member.

More information about the cifs-protocol mailing list