[cifs-protocol] SMB3 encryption over multiple requests

Stefan (metze) Metzmacher metze at samba.org
Wed Aug 8 10:37:42 MDT 2012


I just found out that windows2012 RC sends multiple compound requests
within just one encrypted SMB2_TRANSFORM message.

From reading [MS-SMB2] version 37.0 I had the impression that each
request would be encrypted on its own, similar to how signing works.

Can the other receiver side rely on the fact that all messages within a
SMB2_TRANSFORM message belong to the same session as the session (referenced
by the session id in the SMB2_TRANSFORM header) used for the encryption?

What will happen if a client send unrelated compound requests?

What about async responses with STATUS_PENDING, are they also encrypted?

How does it work, when the last request in a compound chain goes async?

Are Oplock/Lease Break Notifications encrypted?

Can there be more than one SMB2_TRANSFORM message within a transport
layer message?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20120808/c3e0da2c/attachment.pgp>

More information about the cifs-protocol mailing list