[cifs-protocol] RE: [Pfif] CAR: Error in SMB2 Netprot description.

Hongwei Sun hongweis at microsoft.com
Thu Jun 4 18:53:05 GMT 2009


Jeremy,

Thanks for the request. We will work on this and let you know once we complete the investigation.

--------------------------------------------------------------------
Hongwei Sun - Sr. Support Escalation Engineer
DSC Protocol Team, Microsoft
hongweis at microsoft.com
Tel:  469-7757027 x 57027
---------------------------------------------------------------------


-----Original Message-----
From: Jeremy Allison [mailto:jra at samba.org] 
Sent: Thursday, June 04, 2009 1:40 PM
To: Jeremy Allison
Cc: Interoperability Documentation Help; cifs-protocol at samba.org
Subject: Re: [Pfif] CAR: Error in SMB2 Netprot description.

On Thu, Jun 04, 2009 at 11:33:41AM -0700, Jeremy Allison wrote:
> Hi all,
> 
> I believe there is an error in [MS-SMB2] — v20090521 in the
> description of 2.2.4 SMB2 NEGOTIATE Response.
> 
> At the end of this section on page 35 it says:
> 
> "Buffer (variable): The variable-length buffer that contains the security buffer for the response, as specified by SecurityBufferOffset and SecurityBufferLength. The buffer MUST contain a token as produced by the GSS protocol as specified in section 3.3.5.3."
> 
> The "MUST" statement is incorrect. The Windows client
> behavior is that if a null buffer is returned in this
> field, then the client will downgrade to using raw-NTLMSSP
> blobs for sessionsetup instead of SPNEGO wrapped blobs.
> 
> I can provide proof of this as a packet trace on request.
> 
> I think this is important to fix for the SMB2 client implementations,
> which otherwise are forced to implement SPNEGO ASN.1 parsing.

Sorry, should have realized - there are two more "MUSTS"
which are incorrect.

Section "2.2.5 SMB2 SESSION_SETUP Request" also has a MUST
at the end of the section:

"Buffer (variable): A variable-length buffer that contains the security buffer for the request, as specified by SecurityBufferOffset and SecurityBufferLength. The buffer MUST contain a token as produced by the GSS protocol as specified in section 3.3.5.5."

and also "2.2.6 SMB2 SESSION_SETUP Response" has a MUST
at the end of the section:

"Buffer (variable): A variable-length buffer that contains the security buffer for the response, as specified by SecurityBufferOffset and SecurityBufferLength. The buffer MUST contain a token as produced by the GSS protocol as specified in section 3.2.5.3."

The values in these buffers can be a raw NTLMSSP data
blob instead of a GSS blob.

No need to open a new CAR, just attach these amendments
to the existing one.

Jeremy Allison,
Samba Team/PFIF.
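
Added example, not part of the original thread and not Samba or Microsoft code: a small classifier that tells apart the three security-buffer cases discussed above (empty buffer, raw NTLMSSP blob, GSS/SPNEGO-wrapped token) by their leading bytes. The function names and the sample tokens are assumptions constructed for illustration.

```python
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
SPNEGO_OID = bytes.fromhex("2b0601050502")  # DER body of OID 1.3.6.1.5.5.2
NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}

def security_buffer(message, offset, length):
    """Slice Buffer out of a message; offset counts from the SMB2 header start."""
    if length == 0:
        return b""
    if offset < 0 or length < 0 or offset + length > len(message):
        raise ValueError("security buffer lies outside the message")
    return message[offset:offset + length]

def _der_length(buf, pos):
    """Decode a DER length at pos; return (length, position after it)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        raise ValueError("bad DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def classify(buf):
    """Name the token framing found in an SMB2 security buffer."""
    if not buf:
        return "empty"
    if buf.startswith(NTLMSSP_SIGNATURE) and len(buf) >= 12:
        (msg_type,) = struct.unpack_from("<I", buf, 8)
        return "raw-ntlmssp/" + NTLM_TYPES.get(msg_type, "unknown")
    try:
        if buf[0] == 0x60:  # GSS-API InitialContextToken, [APPLICATION 0]
            _, pos = _der_length(buf, 1)
            if buf[pos] == 0x06:  # mechanism OID follows
                oid_len, pos = _der_length(buf, pos + 1)
                if buf[pos:pos + oid_len] == SPNEGO_OID:
                    return "spnego/negTokenInit"
            return "gss/other-mechanism"
        if buf[0] == 0xA1:  # SPNEGO negTokenResp, context tag [1]
            _der_length(buf, 1)
            return "spnego/negTokenResp"
    except (IndexError, ValueError):
        return "malformed"
    return "unknown"

# Constructed sample tokens (not taken from a capture).
RAW_NTLM = NTLMSSP_SIGNATURE + struct.pack("<II", 1, 0)
SPNEGO_INIT = b"\x60\x0a\x06\x06" + SPNEGO_OID + b"\xa0\x00"
SPNEGO_RESP = bytes.fromhex("a1023000")
```

A parser that applies the quoted "MUST" literally would reject the `empty` and `raw-ntlmssp/*` results; checking the framing first lets it skip ASN.1 decoding when the peer sends raw NTLMSSP.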


