[cifs-protocol] [REG:115100613235242] Send oplock breaks unencrypted, as lease breaks are sent plain?

Volker Lendecke Volker.Lendecke at SerNet.DE
Fri Oct 23 11:07:36 UTC 2015


Hi, Edgar!

Thanks for the info, I've submitted the corresponding patch
for upstream Samba. Keep me posted please :-)

Thanks, Volker

On Fri, Oct 23, 2015 at 07:07:16AM +0000, Edgar Olougouna wrote:
> Volker,
> Your temporary fix of sending UN-encrypted oplock break notification is generally fine. Since the oplock notification is an unsolicited message from the server, i.e it is not sent as a "response" to an encrypted request, the client will not reject it due to an outstanding MessageId whose response would have been expected to be encrypted. Recall that oplockBreakNotfication.MessageId = 0xFFFFFFFFFFFFFFFF.
> Overall, the issue has been reported as a product bug and the team is looking into the best way to address.
> I will inform you, should a document update emanate from the fix.
> 
> Thanks,
> Edgar
> 
> -----Original Message-----
> From: Edgar Olougouna 
> Sent: Tuesday, October 20, 2015 4:39 PM
> To: 'Volker.Lendecke at SerNet.DE' <Volker.Lendecke at SerNet.DE>
> Cc: 'cifs-protocol at lists.samba.org' <cifs-protocol at lists.samba.org>; MSSolve Case Email <casemail at microsoft.com>
> Subject: RE: [cifs-protocol] [REG:115100613235242] Send oplock breaks unencrypted, as lease breaks are sent plain?
> 
> The client is failing the "decryption" and dropping the oplock break notification. 
> From my current analysis, it's most likely this validation: Smb2Header->SessionId != TransformHeader.SessionId.
> For an oplock break notification, Smb2Header->SessionId is 0.
> I will keep you updated.
> 
> Thanks,
> Edgar
> 
> -----Original Message-----
> From: Edgar Olougouna 
> Sent: Monday, October 19, 2015 4:47 PM
> To: Volker.Lendecke at SerNet.DE
> Cc: cifs-protocol at lists.samba.org; MSSolve Case Email <casemail at microsoft.com>
> Subject: RE: [cifs-protocol] [REG:115100613235242] Send oplock breaks unencrypted, as lease breaks are sent plain?
> 
> Thank you for collecting the traces. We now have more data to work with. 
> I will keep you posted.
> 
> Edgar
> 
> -----Original Message-----
> From: Volker Lendecke [mailto:Volker.Lendecke at SerNet.DE] 
> Sent: Monday, October 19, 2015 10:39 AM
> To: Edgar Olougouna <edgaro at microsoft.com>
> Cc: cifs-protocol at lists.samba.org; MSSolve Case Email <casemail at microsoft.com>
> Subject: Re: [cifs-protocol] [REG:115100613235242] Send oplock breaks unencrypted, as lease breaks are sent plain?
> 
> On Fri, Oct 16, 2015 at 03:05:48AM +0000, Edgar Olougouna wrote:
> > Volker,
> > It would be great if you can collect traces of your repro: 
> > - SMB ETW (t.cmd) on the client.
> > - Netmon (or Wireshark) capture, on the server. 
> > - AND Message Analyzer (MA) trace, on the server.  
> 
> I've hopefully done the right traces Windows 8.1 to Windows 8.1, uploaded them to
> 
> https://na01.safelinks.protection.outlook.com/?url=https:%2f%2fwww.samba.org%2f~vlendec%2f115100613235242%2ftraces.zip&data=01%7C01%7Cedgaro%40microsoft.com%7C3b25950d1fd64dbe061808d2d89b8c99%7C72f988bf86f141af91ab2d7cd011db47%7C1&sdata=TXtLtMFDgUZzHfcPOj4GTBwX4AKWHIWar1hXhJ%2fegec%3d
> 
> Please take a look. I've tried to play "raft.mp4". It failed. I've done the t.cmd clion and netsh trace start on the client, I've done a netsh trace start on the server together with a netmon trace.
> 
> Thanks, Volker
> 
> --
> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> phone: +49-551-370000-0, fax: +49-551-370000-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fwww.sernet.de&data=01%7c01%7cedgaro%40microsoft.com%7c3b25950d1fd64dbe061808d2d89b8c99%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=ajZ%2fOvojvkFva3VpT5dJHzDUSF%2fiZPURAkVFFWJdjzU%3d, mailto:kontakt at sernet.de

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de

Besuchen Sie uns vom 10.-11.11.15 auf der ISSE!
Information Security Solutions Europe Conference
Hotel Palace Berlin, 20%-Rabattcode: "ISSE15SP"

Meet us at Information Security Conference ISSE!
November 10th - 11th 2015 in Hotel Palace Berlin
For 20% discount take voucher code:  "ISSE15SP"



More information about the cifs-protocol mailing list