[cifs-protocol] [MS-SMB2] sign for 3.3.5.15.11 FSCTL_QUERY_NETWORK_INTERFACE_INFO - TrackingID#2404170040007704

Jones Syue 薛懷宗 jonessyue at qnap.com
Thu May 30 10:43:26 UTC 2024 

> I’m following up on this case with regards to signing of Ioctl 
> FSCTL_QUERY_NETWORK_INTERFACE_INFO requests as my last email was 
> inaccurate. After the engineering team conducted further research, they 
> determined that Windows (operating as a server) does not *require* that 
> these incoming requests from the client are signed. 

Thank you Kristian for kind feedback!

Ohh okay now i see that, Windows smb servers do not fail the Ioctl 
FSCTL_QUERY_NETWORK_INTERFACE_INFO requests if these requests are not 
signing. In other words, if a smb client sends these ioctl 
FSCTL_QUERY_NETWORK_INTERFACE_INFO requests to Windows (operating as a 
smb server), and these requests do not contains smb signing/signature,
Windows servers do not fail these requests, still move on and send
back responses with network information to smb client.

> Windows clients do, however, sign these requests. 

This looks good to me, per my test with three kinds implementation of smb 
clients: 
1. Windows workstation/server edition
2. Linux kernel cifs.ko module (Ubuntu 22.04.4, linux 6.5.0-26-generic)
3. Apple macOS (Sonoma 14.3.1, MacBookPro M1)

Only the first one sign ioctl FSCTL_QUERY_NETWORK_INTERFACE_INFO 
requests, the other two implementation so far do not.

smb client    | sign ioctl FSCTL_QUERY_NETWORK_INTERFACE_INFO request?
--------------+-----------
Windows       | yes
Linux cifs.ko | no
Apple macOS   | no


> As a result, there will not be any update to the [MS-SMB2] document.

Here is my question:
Although smb clients sign Ioctl FSCTL_QUERY_NETWORK_INTERFACE_INFO requests
is not mandatory/required, considering Windows smb clients (including 
workstation/server editions) do sign these requests, is there a chance to 
mention this behavior of Windows smb clients in [MS-SMB2], perhaps in the 
Protocol Examples section like '4.8 Establish Alternate Channel'[1], 
or section 6. Appendix?

If this behavior of Windows smb client could be mentioned in [MS-SMB2], 
it would be great help to do further enhancements on current third-party 
smb client implemention to cope with Windows and increase interoperability.
Thank you for your great help :)

[1] https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/2e32e57a-166f-46ae-abe8-17fa3c897890
To establish an alternative channel, the client sends an 
FSCTL_QUERY_NETWORK_INTERFACE_INFO IOCTL request to query the available 
network interface on the server.

--

Regards,
Jones Syue | 薛懷宗
QNAP Systems, Inc.

More information about the cifs-protocol mailing list