[Patches] s3:smbd: unimplement FSCTL_VALIDATE_NEGOTIATE_INFO with "server max protocol = SMB2_02" (bug #12772)

Stefan Metzmacher metze at samba.org
Mon Jun 26 13:33:45 UTC 2017 

Hi,

here're patches which fix a problem that happens
if "server max protcol = SMB2_02" is used and the client
is able to handle SMB3 with FSCTL_VALIDATE_NEGOTIATE_INFO.

It's not possible for an SMB2_02 server to implement
FSCTL_VALIDATE_NEGOTIATE_INFO correctly, as it doesn't
have the information from a SMB2 Negotiate Request available,
as the client started with SMB1 Negotiate.

Please review and push:-)

Thanks!
metze
-------------- next part --------------
From c757d7da66182b9136b9a3d740e74389b6bd56c6 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 26 Jun 2017 10:40:50 +0200
Subject: [PATCH 1/5] s3:test_smbclient_basic.sh: make use of $ADDARGS

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 source3/script/tests/test_smbclient_basic.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/script/tests/test_smbclient_basic.sh b/source3/script/tests/test_smbclient_basic.sh
index 90e579b..4411604 100755
--- a/source3/script/tests/test_smbclient_basic.sh
+++ b/source3/script/tests/test_smbclient_basic.sh
@@ -27,7 +27,7 @@ test_smbclient() {
 	shift
 	shift
 	echo "test: $name"
-	$VALGRIND $smbclient $CONFIGURATION //$SERVER/tmp -c "$cmd" $@
+	$VALGRIND $smbclient $CONFIGURATION //$SERVER/tmp -c "$cmd" ${ADDARGS} $@
 	status=$?
 	if [ x$status = x0 ]; then
 		echo "success: $name"
-- 
1.9.1


From 33850b4d5d65ae4e760612b67cfd4be39176f3ed Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 26 Jun 2017 11:56:40 +0200
Subject: [PATCH 2/5] s3:test_smbclient_basic.sh: make use of
 $incdir/common_test_fns.inc

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 source3/script/tests/test_smbclient_basic.sh | 25 +++++--------------------
 1 file changed, 5 insertions(+), 20 deletions(-)

diff --git a/source3/script/tests/test_smbclient_basic.sh b/source3/script/tests/test_smbclient_basic.sh
index 4411604..357d7ab 100755
--- a/source3/script/tests/test_smbclient_basic.sh
+++ b/source3/script/tests/test_smbclient_basic.sh
@@ -20,30 +20,15 @@ ADDARGS="$@"
 
 incdir=`dirname $0`/../../../testprogs/blackbox
 . $incdir/subunit.sh
-
-test_smbclient() {
-	name="$1"
-	cmd="$2"
-	shift
-	shift
-	echo "test: $name"
-	$VALGRIND $smbclient $CONFIGURATION //$SERVER/tmp -c "$cmd" ${ADDARGS} $@
-	status=$?
-	if [ x$status = x0 ]; then
-		echo "success: $name"
-	else
-		echo "failure: $name"
-	fi
-	return $status
-}
+. $incdir/common_test_fns.inc
 
 # TEST using \ as the separator (default)
-test_smbclient "smbclient as $DOMAIN\\$USERNAME" 'ls' -U$DOMAIN\\$USERNAME%$PASSWORD $CONFIGURATION || failed=`expr $failed + 1`
+test_smbclient "smbclient as $DOMAIN\\$USERNAME" 'ls' "//$SERVER/tmp" -U$DOMAIN\\$USERNAME%$PASSWORD $ADDARGS || failed=`expr $failed + 1`
 # TEST using / as the separator (default)
-test_smbclient "smbclient as $DOMAIN/$USERNAME" 'ls' -U$DOMAIN/$USERNAME%$PASSWORD $CONFIGURATION || failed=`expr $failed + 1`
+test_smbclient "smbclient as $DOMAIN/$USERNAME" 'ls' "//$SERVER/tmp" -U$DOMAIN/$USERNAME%$PASSWORD $ADDARGS || failed=`expr $failed + 1`
 
 # TEST using 'winbind separator = +'
-test_smbclient "smbclient as $DOMAIN+$USERNAME" 'ls' -U$DOMAIN+$USERNAME%$PASSWORD $CONFIGURATION --option=winbindseparator=+ || failed=`expr $failed + 1`
+test_smbclient "smbclient as $DOMAIN+$USERNAME" 'ls' "//$SERVER/tmp" -U$DOMAIN+$USERNAME%$PASSWORD $ADDARGS --option=winbindseparator=+ || failed=`expr $failed + 1`
 
 # TEST using 'winbind separator = +' set in a config file
 smbclient_config="$PREFIX/tmpsmbconf"
@@ -55,7 +40,7 @@ EOF
 
 SAVE_CONFIGURATION="$CONFIGURATION"
 CONFIGURATION="--configfile=$smbclient_config"
-test_smbclient "smbclient as $DOMAIN+$USERNAME" 'ls' -U$DOMAIN+$USERNAME%$PASSWORD || failed=`expr $failed + 1`
+test_smbclient "smbclient as $DOMAIN+$USERNAME" 'ls' "//$SERVER/tmp" -U$DOMAIN+$USERNAME%$PASSWORD $ADDARGS || failed=`expr $failed + 1`
 CONFIGURATION="$SAVE_CONFIGURATION"
 rm -rf $smbclient_config
 
-- 
1.9.1


From 17a02312b8d5c1d4651b2ceac18b9bca63636753 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 26 Jun 2017 10:52:04 +0200
Subject: [PATCH 3/5] s3:selftest: run test_smbclient_basic.sh against
 nt4_dc_schannel with various protocols

This prepared a reproducer for bug #12772
'Clients with SMB3 support can't connect with "server max protocol = SMB2_02"'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12772

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 source3/selftest/tests.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 9d2a8cc..a28ab67 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -164,6 +164,12 @@ plantestsuite("samba.vfstest.xattr-tdb-1", "nt4_dc:local", [os.path.join(samba3s
 plantestsuite("samba.vfstest.acl", "nt4_dc:local", [os.path.join(samba3srcdir, "script/tests/vfstest-acl/run.sh"), binpath("vfstest"), "$PREFIX", configuration])
 plantestsuite("samba.vfstest.catia", "nt4_dc:local", [os.path.join(samba3srcdir, "script/tests/vfstest-catia/run.sh"), binpath("vfstest"), "$PREFIX", configuration])
 
+plantestsuite("samba3.blackbox.smbclient_basic.NT1", "nt4_dc_schannel", [os.path.join(samba3srcdir, "script/tests/test_smbclient_basic.sh"), '$SERVER', '$SERVER_IP', '$DC_USERNAME', '$DC_PASSWORD', smbclient3, configuration, "-mNT1"])
+plantestsuite("samba3.blackbox.smbclient_basic.SMB2_02", "nt4_dc_schannel", [os.path.join(samba3srcdir, "script/tests/test_smbclient_basic.sh"), '$SERVER', '$SERVER_IP', '$DC_USERNAME', '$DC_PASSWORD', smbclient3, configuration, "-mSMB2_02"])
+plantestsuite("samba3.blackbox.smbclient_basic.SMB2_10", "nt4_dc_schannel", [os.path.join(samba3srcdir, "script/tests/test_smbclient_basic.sh"), '$SERVER', '$SERVER_IP', '$DC_USERNAME', '$DC_PASSWORD', smbclient3, configuration, "-mSMB2_10"])
+plantestsuite("samba3.blackbox.smbclient_basic.SMB3_02", "nt4_dc_schannel", [os.path.join(samba3srcdir, "script/tests/test_smbclient_basic.sh"), '$SERVER', '$SERVER_IP', '$DC_USERNAME', '$DC_PASSWORD', smbclient3, configuration, "-mSMB3_02"])
+plantestsuite("samba3.blackbox.smbclient_basic.SMB3_11", "nt4_dc_schannel", [os.path.join(samba3srcdir, "script/tests/test_smbclient_basic.sh"), '$SERVER', '$SERVER_IP', '$DC_USERNAME', '$DC_PASSWORD', smbclient3, configuration, "-mSMB3_11"])
+
 plantestsuite("samba3.blackbox.smbclient_basic", "ad_member", [os.path.join(samba3srcdir, "script/tests/test_smbclient_basic.sh"), '$SERVER', '$SERVER_IP', '$DC_USERNAME', '$DC_PASSWORD', smbclient3, configuration])
 for options in ["", "--option=clientntlmv2auth=no", "--option=clientusespnego=no", "--option=clientusespnego=no --option=clientntlmv2auth=no", "--option=clientntlmv2auth=no --option=clientlanmanauth=yes --max-protocol=LANMAN2", "--option=clientntlmv2auth=no --option=clientlanmanauth=yes --option=clientmaxprotocol=NT1"]:
     env = "nt4_dc"
-- 
1.9.1


From 6d8f5176fe672c480cd75648a806b5f827ab96f4 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 26 Jun 2017 12:10:40 +0200
Subject: [PATCH 4/5] selftest: run nt4_dc_schannel with 'server max protocol =
 SMB2_02'

This reproduces the problem with trying to implement
FSCTL_VALIDATE_NEGOTIATE_INFO as SMB2_02 server.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12772

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 selftest/knownfail.d/smb2_02-server-smb3-client | 3 +++
 selftest/target/Samba3.pm                       | 2 ++
 2 files changed, 5 insertions(+)
 create mode 100644 selftest/knownfail.d/smb2_02-server-smb3-client

diff --git a/selftest/knownfail.d/smb2_02-server-smb3-client b/selftest/knownfail.d/smb2_02-server-smb3-client
new file mode 100644
index 0000000..68c800d
--- /dev/null
+++ b/selftest/knownfail.d/smb2_02-server-smb3-client
@@ -0,0 +1,3 @@
+^samba3.blackbox.smbclient_basic.SMB2_10.smbclient.*\(nt4_dc_schannel\)
+^samba3.blackbox.smbclient_basic.SMB3_02.smbclient.*\(nt4_dc_schannel\)
+^samba3.blackbox.smbclient_basic.SMB3_11.smbclient.*\(nt4_dc_schannel\)
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index d93d98e..d7d09c4 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -277,6 +277,8 @@ sub setup_nt4_dc_schannel($$)
 	rpc_daemon:lsasd = fork
 
 	server schannel = yes
+	# used to reproduce bug #12772
+	server max protocol = SMB2_02
 ";
 
 	my $vars = $self->provision($path, "NT4SCHANNEL",
-- 
1.9.1


From f6d7d6e12a645399aaee0a0e46ea6f978c42bcb1 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Fri, 5 May 2017 18:49:37 +0200
Subject: [PATCH 5/5] s3:smbd: unimplement FSCTL_VALIDATE_NEGOTIATE_INFO with
 "server max protocol = SMB2_02"

A client that supports SMB3 will do a signed FSCTL_VALIDATE_NEGOTIATE_INFO
after a tree connect. This FSCTL_VALIDATE_NEGOTIATE_INFO call contains
the client capabilities, client guid, security mode and the array of supported
dialects. But if SMB 2.02 is negotiated the doesn't send these values to the
server in the first connection attempt (when the client starts with a SMB1 Negotiate).

Windows servers that only support SMB2 just return NT_STATUS_FILE_CLOSED
as answer to FSCTL_VALIDATE_NEGOTIATE_INFO.

We should do the same if we just pretend to support SMB 2.02,
as SMB 2.10 always include an SMB2 Negotiate request we can leave it as is.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12772

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 selftest/knownfail.d/smb2_02-server-smb3-client |  3 ---
 source3/smbd/smb2_ioctl_network_fs.c            | 17 +++++++++++++++++
 2 files changed, 17 insertions(+), 3 deletions(-)
 delete mode 100644 selftest/knownfail.d/smb2_02-server-smb3-client

diff --git a/selftest/knownfail.d/smb2_02-server-smb3-client b/selftest/knownfail.d/smb2_02-server-smb3-client
deleted file mode 100644
index 68c800d..0000000
--- a/selftest/knownfail.d/smb2_02-server-smb3-client
+++ /dev/null
@@ -1,3 +0,0 @@
-^samba3.blackbox.smbclient_basic.SMB2_10.smbclient.*\(nt4_dc_schannel\)
-^samba3.blackbox.smbclient_basic.SMB3_02.smbclient.*\(nt4_dc_schannel\)
-^samba3.blackbox.smbclient_basic.SMB3_11.smbclient.*\(nt4_dc_schannel\)
diff --git a/source3/smbd/smb2_ioctl_network_fs.c b/source3/smbd/smb2_ioctl_network_fs.c
index 7b496ef..016a0e4 100644
--- a/source3/smbd/smb2_ioctl_network_fs.c
+++ b/source3/smbd/smb2_ioctl_network_fs.c
@@ -580,6 +580,23 @@ static NTSTATUS fsctl_validate_neg_info(TALLOC_CTX *mem_ctx,
 	NTSTATUS status;
 	enum protocol_types protocol = PROTOCOL_NONE;
 
+	if (lp_server_max_protocol() <= PROTOCOL_SMB2_02) {
+		/*
+		 * With SMB 2.02 we didn't get the
+		 * capabitities, client guid, security mode
+		 * and dialects the client would have offered.
+		 *
+		 * So we behave compatible with a true
+		 * SMB 2.02 server and return NT_STATUS_FILE_CLOSED.
+		 *
+		 * As SMB >= 2.10 offers the two phase SMB2 Negotiate
+		 * we keep supporting FSCTL_VALIDATE_NEGOTIATE_INFO
+		 * starting with SMB 2.10, while Windows only supports
+		 * it starting with SMB > 2.10.
+		 */
+		return NT_STATUS_FILE_CLOSED;
+	}
+
 	if (in_input->length < 0x18) {
 		return NT_STATUS_INVALID_PARAMETER;
 	}
-- 
1.9.1

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170626/4a3e165d/signature.sig>

More information about the samba-technical mailing list