[cifs-protocol] [MS-SMB2] sign for 3.3.5.15.11 FSCTL_QUERY_NETWORK_INTERFACE_INFO - TrackingID#2404170040007704

Kristian Smith Kristian.Smith at microsoft.com
Wed May 29 16:28:22 UTC 2024


Hi Jones,

I’m following up on this case with regards to signing of Ioctl FSCTL_QUERY_NETWORK_INTERFACE_INFO requests as my last email was inaccurate. After the engineering team conducted further research, they determined that Windows (operating as a server) does not *require* that these incoming requests from the client are signed. Windows clients do, however, sign these requests. As a result, there will not be any update to the [MS-SMB2] document.

Sorry for any confusion this may have caused.

Regards,
Kristian Smith
Support Escalation Engineer | Microsoft(r) Corporation
Office phone: +1 425-421-4442
Email: kristian.smith at microsoft.com

From: Kristian Smith <Kristian.Smith at microsoft.com>
Sent: Monday, April 22, 2024 1:50 PM
To: Jones Syue 薛懷宗 <jonessyue at qnap.com>; cifs-protocol at lists.samba.org
Cc: Microsoft Support <supportmail at microsoft.com>
Subject: Re: [MS-SMB2] sign for 3.3.5.15.11 FSCTL_QUERY_NETWORK_INTERFACE_INFO - TrackingID#2404170040007704

Hi Jones,

Your suspicion is correct that this is the expected behavior. Signing of Ioctl FSCTL_QUERY_NETWORK_INTERFACE_INFO requests is indeed required by the server. I will request a modification to the [MS-SMB2] document to reflect this fact. The changes will be found in an upcoming version of the document.

Thanks for reaching out and helping us improve the doc!


Regards,

Kristian Smith

Support Escalation Engineer | Microsoft(r) Corporation

Office phone: +1 425-421-4442

Email: kristian.smith at microsoft.com

________________________________
From: Kristian Smith <Kristian.Smith at microsoft.com>
Sent: Wednesday, April 17, 2024 8:19 AM
To: Jones Syue 薛懷宗 <jonessyue at qnap.com>; cifs-protocol at lists.samba.org
Cc: Microsoft Support <supportmail at microsoft.com>
Subject: Re: [MS-SMB2] sign for 3.3.5.15.11 FSCTL_QUERY_NETWORK_INTERFACE_INFO - TrackingID#2404170040007704

 Hi Jones,

Thank you for your request. The case number 2404170040007704 has been created for this inquiry. One of our team members will follow up with you soon.


Regards,

Kristian Smith

Support Escalation Engineer | Azure DevOps, Windows Protocols | Microsoft(r) Corporation

Office phone: +1 425-421-4442

Email: kristian.smith at microsoft.com

________________________________
From: Jones Syue 薛懷宗 <jonessyue at qnap.com>
Sent: Tuesday, April 16, 2024 8:52 PM
To: Interoperability Documentation Help <dochelp at microsoft.com>; cifs-protocol at lists.samba.org
Subject: [EXTERNAL] [MS-SMB2] sign for 3.3.5.15.11 FSCTL_QUERY_NETWORK_INTERFACE_INFO

Hello Dochelp,

Per the multichannel test[1] and Wireshark packets[2], a Windows client signs the
request/response pair of SMB2 Ioctl FSCTL_QUERY_NETWORK_INTERFACE_INFO.
Neither [MS-SMB2] 3.3.5.15.11 nor 3.2.5.14.11 appears to mention this;
please help clarify:
1. Is signing of SMB2 Ioctl FSCTL_QUERY_NETWORK_INTERFACE_INFO expected?
2. If expected, could we update [MS-SMB2] to document this behavior? A bit
   like what Tree Connect[3] and Session Setup[4] did.

Thank you :)

[1] smb server is ws2022, account is 'administrator' with password.
| smb client   | sign for SMB2 Ioctl FSCTL_QUERY_NETWORK_INTERFACE_INFO?
| ------------ + ---
| ws2022       | yes
| ws2016       | yes
| ws2016       | yes
| ws2012r2     | yes
| ws2012       | yes

[2] smb server is ws2022, smb client is ws2016, account is 'administrator'.
No.  |Time      |Prot|Signature                       |Info
-----+----------+----+--------------------------------+----
35467 16:47:09.9 SMB                                   Negotiate Protocol Request
35468 16:47:09.9 SMB2 00000000000000000000000000000000 Negotiate Protocol Response
35469 16:47:09.9 SMB2 00000000000000000000000000000000 Negotiate Protocol Request
35470 16:47:09.9 SMB2 00000000000000000000000000000000 Negotiate Protocol Response
35472 16:47:09.9 SMB2 00000000000000000000000000000000 Session Setup Request, NTLMSSP_NEGOTIATE
35473 16:47:09.9 SMB2 00000000000000000000000000000000 Session Setup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE
35474 16:47:09.9 SMB2 00000000000000000000000000000000 Session Setup Request, NTLMSSP_AUTH, User: \administrator
35475 16:47:09.9 SMB2 73182d37759c7741ae0caced9ef04185 Session Setup Response
35476 16:47:09.9 SMB2 ec1d8a66ebea6120e5f8c44be2ba0dc4 Tree Connect Request Tree: \\${MY_IP}\IPC$
35477 16:47:09.9 SMB2 ad4572986b7fae36168ea18c87bb8a9b Tree Connect Response
35478 16:47:09.9 SMB2 d31c1cb4e3ca5df3766faf76a3b6da8a Ioctl Request FSCTL_QUERY_NETWORK_INTERFACE_INFO
35479 16:47:09.9 SMB2 790b171573367693323aa73ddf4de49f Ioctl Response FSCTL_QUERY_NETWORK_INTERFACE_INFO
35480 16:47:09.9 SMB2 00000000000000000000000000000000 Ioctl Request FSCTL_DFS_GET_REFERRALS, File: \${MY_IP}\ramdisk
35482 16:47:09.9 SMB2 00000000000000000000000000000000 Ioctl Response, Error: STATUS_FS_DRIVER_REQUIRED

[3] 3.3.5.7 Receiving an SMB2 TREE_CONNECT Request
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/652e0c14-5014-4470-999d-b174d7b2da87
If Connection.Dialect is "3.1.1" and Session.IsAnonymous and
Session.IsGuest are set to FALSE and the request is not signed or not
encrypted, then the server MUST disconnect the connection.

[4] 3.3.5.5.3 Handling GSS-API Authentication
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/5ed93f06-a1d2-4837-8954-fa8b833c2654
12. If the SMB2_SESSION_FLAG_IS_GUEST bit is not set in the SessionFlags
field, and Session.IsAnonymous is FALSE, the server MUST sign the final
session setup response before sending it to the client, as follows:

--

Regards,
Jones Syue | 薛懷宗
QNAP Systems, Inc.
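
To check a capture of your own against the table in [2], the following sketch (an added example, not code from this thread, Microsoft or Samba) parses the SMB2 packet header and reports FSCTL_QUERY_NETWORK_INTERFACE_INFO messages that carry no signature. The constants are from [MS-SMB2]; the function names and the sample frames are constructed for illustration.

```python
import struct

# Constants from [MS-SMB2]; function names and sample frames are this example's own.
SMB2_FLAGS_SERVER_TO_REDIR = 0x00000001
SMB2_FLAGS_SIGNED = 0x00000008
SMB2_IOCTL = 0x000B
FSCTL_QUERY_NETWORK_INTERFACE_INFO = 0x001401FC
FSCTL_DFS_GET_REFERRALS = 0x00060194
HEADER = struct.Struct("<4sHHIHHIIQ8sQ16s")  # 64-byte SMB2 packet header


def inspect_ioctl(msg: bytes):
    """Return (ctl_code, is_response, is_signed) for an SMB2 IOCTL, else None."""
    if len(msg) < HEADER.size + 8 or msg[:4] != b"\xfeSMB":
        return None  # too short, SMB1, or an encrypted transform header (\xfdSMB)
    _, hdr_size, _, _, command, _, flags, _, _, _, _, signature = HEADER.unpack_from(msg)
    if hdr_size != 64 or command != SMB2_IOCTL:
        return None
    body_size, _, ctl_code = struct.unpack_from("<HHI", msg, HEADER.size)
    if body_size not in (57, 49):  # 57 = IOCTL request, 49 = response; 9 = error body
        return None
    is_signed = bool(flags & SMB2_FLAGS_SIGNED) and any(signature)  # flag set, non-zero MAC
    return ctl_code, bool(flags & SMB2_FLAGS_SERVER_TO_REDIR), is_signed


def unsigned_interface_queries(messages):
    """Indexes of FSCTL_QUERY_NETWORK_INTERFACE_INFO messages that are not signed."""
    parsed = [inspect_ioctl(m) for m in messages]
    return [i for i, p in enumerate(parsed)
            if p and p[0] == FSCTL_QUERY_NETWORK_INTERFACE_INFO and not p[2]]


def build_ioctl(ctl_code, signature_hex, response=False):
    """Constructed test frame: SMB2 header plus the first 8 IOCTL body bytes."""
    sig = bytes.fromhex(signature_hex)
    flags = (SMB2_FLAGS_SIGNED if any(sig) else 0) | (SMB2_FLAGS_SERVER_TO_REDIR if response else 0)
    hdr = HEADER.pack(b"\xfeSMB", 64, 1, 0, SMB2_IOCTL, 1, flags, 0, 0, bytes(8), 0, sig)
    return hdr + struct.pack("<HHI", 49 if response else 57, 0, ctl_code)


# Constructed frames: signatures of frames 35478-35480 in capture [2], then one
# constructed unsigned interface query of the kind a Windows server still accepts.
SAMPLE = [
    build_ioctl(FSCTL_QUERY_NETWORK_INTERFACE_INFO, "d31c1cb4e3ca5df3766faf76a3b6da8a"),
    build_ioctl(FSCTL_QUERY_NETWORK_INTERFACE_INFO, "790b171573367693323aa73ddf4de49f", True),
    build_ioctl(FSCTL_DFS_GET_REFERRALS, "00" * 16),
    build_ioctl(FSCTL_QUERY_NETWORK_INTERFACE_INFO, "00" * 16),
]
print(unsigned_interface_queries(SAMPLE))
```

Frames sent under SMB3 encryption start with the transform header and are skipped, so an empty result on an encrypted session says nothing about signing.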