[cifs-protocol] [MS-SMB2] sign for 3.3.5.15.11 FSCTL_QUERY_NETWORK_INTERFACE_INFO

Jones Syue 薛懷宗 jonessyue at qnap.com
Wed Apr 17 03:52:54 UTC 2024 

Hello Dochelp,

Per multichannel test[1] and wireshark packet[2], windows client would sign 
request/response pair of SMB2 Ioctl FSCTL_QUERY_NETWORK_INTERFACE_INFO.
Both [MS-SMB2] 3.3.5.15.11 and 3.2.5.14.11 looks like not mention about it,
please help clarify:
1. sign for SMB2 Ioctl FSCTL_QUERY_NETWORK_INTERFACE_INFO is expected?
2. if expected, could we update [MS-SMB2] to document this behavior? a bit
   like what Tree Connect[3] and Session Setup[4] did.

Thank you :)

[1] smb server is ws2022, account is 'administrator' with password.
| smb client   | sign for SMB2 Ioctl FSCTL_QUERY_NETWORK_INTERFACE_INFO?
| ------------ + ---
| ws2022       | yes
| ws2016       | yes
| ws2016       | yes
| ws2012r2     | yes
| ws2012       | yes

[2] smb server is ws2022, smb client is ws2016, account is 'administrator'.
No.  |Time      |Prot|Signature                       |Info
-----+----------+----+--------------------------------+----
35467 16:47:09.9 SMB                                   Negotiate Protocol Request
35468 16:47:09.9 SMB2 00000000000000000000000000000000 Negotiate Protocol Response
35469 16:47:09.9 SMB2 00000000000000000000000000000000 Negotiate Protocol Request
35470 16:47:09.9 SMB2 00000000000000000000000000000000 Negotiate Protocol Response
35472 16:47:09.9 SMB2 00000000000000000000000000000000 Session Setup Request, NTLMSSP_NEGOTIATE
35473 16:47:09.9 SMB2 00000000000000000000000000000000 Session Setup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE
35474 16:47:09.9 SMB2 00000000000000000000000000000000 Session Setup Request, NTLMSSP_AUTH, User: \administrator
35475 16:47:09.9 SMB2 73182d37759c7741ae0caced9ef04185 Session Setup Response
35476 16:47:09.9 SMB2 ec1d8a66ebea6120e5f8c44be2ba0dc4 Tree Connect Request Tree: \\${MY_IP}\IPC$
35477 16:47:09.9 SMB2 ad4572986b7fae36168ea18c87bb8a9b Tree Connect Response
35478 16:47:09.9 SMB2 d31c1cb4e3ca5df3766faf76a3b6da8a Ioctl Request FSCTL_QUERY_NETWORK_INTERFACE_INFO
35479 16:47:09.9 SMB2 790b171573367693323aa73ddf4de49f Ioctl Response FSCTL_QUERY_NETWORK_INTERFACE_INFO
35480 16:47:09.9 SMB2 00000000000000000000000000000000 Ioctl Request FSCTL_DFS_GET_REFERRALS, File: \${MY_IP}\ramdisk
35482 16:47:09.9 SMB2 00000000000000000000000000000000 Ioctl Response, Error: STATUS_FS_DRIVER_REQUIRED

[3] 3.3.5.7 Receiving an SMB2 TREE_CONNECT Request
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/652e0c14-5014-4470-999d-b174d7b2da87
If Connection.Dialect is "3.1.1" and Session.IsAnonymous and 
Session.IsGuest are set to FALSE and the request is not signed or not 
encrypted, then the server MUST disconnect the connection.

[4] 3.3.5.5.3 Handling GSS-API Authentication
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/5ed93f06-a1d2-4837-8954-fa8b833c2654
12. If the SMB2_SESSION_FLAG_IS_GUEST bit is not set in the SessionFlags 
field, and Session.IsAnonymous is FALSE, the server MUST sign the final 
session setup response before sending it to the client, as follows:

--

Regards,
Jones Syue | 薛懷宗
QNAP Systems, Inc.

More information about the cifs-protocol mailing list