[cifs-protocol] [MS-SMB2] Selective Signing of ioctl FSCTL_QUERY_NETWORK_INTERFACE_INFO requests - TrackingID#2406060040007612

Kristian Smith Kristian.Smith at microsoft.com
Thu Jun 6 17:22:51 UTC 2024 

Hi Jones,

Thanks for digging in further and I can assure you that I appreciate the bluntness. Just to clarify, is your concern that 3.2.4.1.1 signing conditions do not cover all conditions where Windows signs the FSCTL_QUERY_NETWORK_INTERFACE_INFO request? If so, what condition is not covered?

Or, is the concern that " Windows-based clients do not selectively sign requests" from behavior note 104 should be more specific to say " Windows-based clients do not selectively sign requests beyond what is described in this document"?

In essence, I'm wondering if you are concerned that we haven't successfully outlined the conditions for signing this request, or if the word "selectively" is confusing since the signing is conditional.

Thanks again!

Regards,
Kristian Smith
Support Escalation Engineer | Microsoft(r) Corporation
Office phone: +1 425-421-4442
Email: kristian.smith at microsoft.com

-----Original Message-----
From: Jones Syue 薛懷宗 <jonessyue at qnap.com>
Sent: Wednesday, June 5, 2024 6:48 PM
To: Kristian Smith <Kristian.Smith at microsoft.com>; cifs-protocol at lists.samba.org
Cc: Microsoft Support <supportmail at microsoft.com>
Subject: [EXTERNAL] Re: [MS-SMB2] sign for 3.3.5.15.11 FSCTL_QUERY_NETWORK_INTERFACE_INFO - TrackingID#2404170040007704

> The engineering team stated that this section should cover the signing
> of FSCTL_QUERY_NETWORK_INTERFACE_INFO requests. If you have any
> additional questions, please let me know.

Hello Kristian,
Sorry for my blunt :) A question about this description[1][2]:
'Windows-based clients do *not* selectively sign requests.'
Per my test  looks like Windows-based clients did selectively sign ioctl FSCTL_QUERY_NETWORK_INTERFACE_INFO requests, my test result seems a bit inconsistent with what [MS-SMB2] said, could you help clarify whether this is my misunderstanding about [MS-SMB2] 6 Appendix <104>.
Thank you :)

[1] Quoted from [MS-SMB2] 3.2.4.1.1 Signing the Message
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/973630a8-8aa1-4398-89a8-13cf830f194d
If Session.SigningRequired is FALSE, the client MAY<104> sign the request.

[2] Quoted from [MS-SMB2] 6 Appendix A: Product Behavior
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/a64e55aa-1152-48e4-8206-edd96444e7f7#Appendix_A_104
<104> Section 3.2.4.1.1: A client can selectively sign requests, and the server will sign the corresponding responses.
Windows-based clients do not selectively sign requests.

--

Regards,
Jones Syue | 薛懷宗
QNAP Systems, Inc.

More information about the cifs-protocol mailing list