Samba server problem with validate negotiate info fsctl?
ttalpey at microsoft.com
Tue Nov 19 09:13:35 MST 2013
> -----Original Message-----
> From: linux-cifs-owner at vger.kernel.org [mailto:linux-cifs-
> owner at vger.kernel.org] On Behalf Of Steve French
> Sent: Monday, November 18, 2013 6:55 PM
> To: samba-technical; linux-cifs at vger.kernel.org
> Subject: Samba server problem with validate negotiate info fsctl?
> With the kernel patch I recently submitted to list for review, tried the
> validate negotiate info fsctl (unsigned) on an smb3.0 mount against Windows
> 8.1 server and it failed, dropping the connection immediately. I repeated it
> with "sign" mount option and it worked fine.
> Trying the validate negotiate info fsctl against Samba though it worked fine
> with signing disabled implying that the server is not checking to make sure
> that that request is signed (the validate negotiate info fsctl is always
> supposed to be signed right?)
Indeed yes - and signing the validate negotiate is important to ensure it's not tampered with by a MITM attacker. The MS-SMB2 document makes the client requirement in section 220.127.116.11 (emphasis added):
"If MaxDialect is "3.000" or "3.002", and RequireSecureNegotiate is TRUE, the client MUST validate the SMB2 NEGOTIATE messages originally sent on this connection by sending a *signed* VALIDATE_NEGOTIATE_INFO request as specified in section 18.104.22.168. "
Note that "MaxDialect" is the highest dialect the client is capable of, not necessarily the dialect negotiated on the connection. This too is important, to detect a negotiation downgrade by a MITM. Since the server will sign its response, even a failure can be used to complete the validation.
More information about the samba-technical