[cifs-protocol] [MS-SMB2] sign for 3.3.5.15.11 FSCTL_QUERY_NETWORK_INTERFACE_INFO - TrackingID#2404170040007704

Kristian Smith Kristian.Smith at microsoft.com
Wed Apr 17 15:19:55 UTC 2024 

 [Case number in subject]
 [Casemail to cc]
 [Dochelp to bcc]

 Hi Jones,

Thank you for your request. The case number 2404170040007704 has been created for this inquiry. One of our team members will follow up with you soon.


Regards,

Kristian Smith

Support Escalation Engineer | Azure DevOps, Windows Protocols | Microsoft® Corporation

Office phone: +1 425-421-4442

Email: kristian.smith at microsoft.com<mailto:kristian.smith at microsoft.com>

________________________________
From: Jones Syue 薛懷宗 <jonessyue at qnap.com>
Sent: Tuesday, April 16, 2024 8:52 PM
To: Interoperability Documentation Help <dochelp at microsoft.com>; cifs-protocol at lists.samba.org <cifs-protocol at lists.samba.org>
Subject: [EXTERNAL] [MS-SMB2] sign for 3.3.5.15.11 FSCTL_QUERY_NETWORK_INTERFACE_INFO

[Some people who received this message don't often get email from jonessyue at qnap.com. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]

Hello Dochelp,

Per multichannel test[1] and wireshark packet[2], windows client would sign
request/response pair of SMB2 Ioctl FSCTL_QUERY_NETWORK_INTERFACE_INFO.
Both [MS-SMB2] 3.3.5.15.11 and 3.2.5.14.11 looks like not mention about it,
please help clarify:
1. sign for SMB2 Ioctl FSCTL_QUERY_NETWORK_INTERFACE_INFO is expected?
2. if expected, could we update [MS-SMB2] to document this behavior? a bit
   like what Tree Connect[3] and Session Setup[4] did.

Thank you :)

[1] smb server is ws2022, account is 'administrator' with password.
| smb client   | sign for SMB2 Ioctl FSCTL_QUERY_NETWORK_INTERFACE_INFO?
| ------------ + ---
| ws2022       | yes
| ws2016       | yes
| ws2016       | yes
| ws2012r2     | yes
| ws2012       | yes

[2] smb server is ws2022, smb client is ws2016, account is 'administrator'.
No.  |Time      |Prot|Signature                       |Info
-----+----------+----+--------------------------------+----
35467 16:47:09.9 SMB                                   Negotiate Protocol Request
35468 16:47:09.9 SMB2 00000000000000000000000000000000 Negotiate Protocol Response
35469 16:47:09.9 SMB2 00000000000000000000000000000000 Negotiate Protocol Request
35470 16:47:09.9 SMB2 00000000000000000000000000000000 Negotiate Protocol Response
35472 16:47:09.9 SMB2 00000000000000000000000000000000 Session Setup Request, NTLMSSP_NEGOTIATE
35473 16:47:09.9 SMB2 00000000000000000000000000000000 Session Setup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE
35474 16:47:09.9 SMB2 00000000000000000000000000000000 Session Setup Request, NTLMSSP_AUTH, User: \administrator
35475 16:47:09.9 SMB2 73182d37759c7741ae0caced9ef04185 Session Setup Response
35476 16:47:09.9 SMB2 ec1d8a66ebea6120e5f8c44be2ba0dc4 Tree Connect Request Tree: \\${MY_IP}\IPC$
35477 16:47:09.9 SMB2 ad4572986b7fae36168ea18c87bb8a9b Tree Connect Response
35478 16:47:09.9 SMB2 d31c1cb4e3ca5df3766faf76a3b6da8a Ioctl Request FSCTL_QUERY_NETWORK_INTERFACE_INFO
35479 16:47:09.9 SMB2 790b171573367693323aa73ddf4de49f Ioctl Response FSCTL_QUERY_NETWORK_INTERFACE_INFO
35480 16:47:09.9 SMB2 00000000000000000000000000000000 Ioctl Request FSCTL_DFS_GET_REFERRALS, File: \${MY_IP}\ramdisk
35482 16:47:09.9 SMB2 00000000000000000000000000000000 Ioctl Response, Error: STATUS_FS_DRIVER_REQUIRED

[3] 3.3.5.7 Receiving an SMB2 TREE_CONNECT Request
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fopenspecs%2Fwindows_protocols%2Fms-smb2%2F652e0c14-5014-4470-999d-b174d7b2da87&data=05%7C02%7CKristian.Smith%40microsoft.com%7C15aca1f4e4e2478d01a408dc5e91e302%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638489227933111100%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=qHtprlLjT3XJIrCPRdYjIyZSsxxe6qLJxzxAZNDf%2Bqg%3D&reserved=0<https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/652e0c14-5014-4470-999d-b174d7b2da87>
If Connection.Dialect is "3.1.1" and Session.IsAnonymous and
Session.IsGuest are set to FALSE and the request is not signed or not
encrypted, then the server MUST disconnect the connection.

[4] 3.3.5.5.3 Handling GSS-API Authentication
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fopenspecs%2Fwindows_protocols%2Fms-smb2%2F5ed93f06-a1d2-4837-8954-fa8b833c2654&data=05%7C02%7CKristian.Smith%40microsoft.com%7C15aca1f4e4e2478d01a408dc5e91e302%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638489227933117857%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=xQG04ktvc7q%2FVcHXtl8oxif9EARayQwNht3QFrZ0DGw%3D&reserved=0<https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/5ed93f06-a1d2-4837-8954-fa8b833c2654>
12. If the SMB2_SESSION_FLAG_IS_GUEST bit is not set in the SessionFlags
field, and Session.IsAnonymous is FALSE, the server MUST sign the final
session setup response before sending it to the client, as follows:

--

Regards,
Jones Syue | 薛懷宗
QNAP Systems, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20240417/7cc2cf6e/attachment.htm>

More information about the cifs-protocol mailing list