Duplicate SMB file_ids leading to Windows client cache poisoning

Steven Engelhardt steven.engelhardt at relativity.com
Wed Dec 8 19:00:36 UTC 2021

>> While trying to roll out recent versions of Samba, we believe we have discovered a bug in Samba related to SMB file id generation which can lead Windows SMB clients to observe wrong data.
> Could you share any test code/scripts you have for this so we can ensure we have a good regression test for this when we fix it?

Attached a few files, hope they get through.

fsutil.zip is the source code to a tool modelled after Windows' fsutil.
It allows one to retrieve the file_id for a file using a command like
`fsutil file queryfileid //hostname/share/dir1/dir2/file.txt`.  It
uses libsmb2 from https://github.com/sahlberg/libsmb2.  I would
have used libsmbclient but I couldn't figure out how to get the raw SMB
file_id from libsmbclient.

getdosattrib.zip is a command-line tool we wrote which decodes the
Samba `user.DOSATTRIB` extended attribute and displays it as a JSON
string.  We wrote this tool to make it more convenient to write
scripts and tests.

test_for_file_id_bug.zip contains some simple scripts we wrote to see
whether, if we deliberately make the itime of two files the same, Samba
will serve the files with identical SMB file ids.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: fsutil.zip
Type: application/x-zip-compressed
Size: 2913 bytes
Desc: fsutil.zip
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20211208/7a786d23/fsutil.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: test_for_file_id_bug.zip
Type: application/x-zip-compressed
Size: 1520 bytes
Desc: test_for_file_id_bug.zip
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20211208/7a786d23/test_for_file_id_bug.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: getdosattrib.zip
Type: application/x-zip-compressed
Size: 5109 bytes
Desc: getdosattrib.zip
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20211208/7a786d23/getdosattrib.bin>
