Duplicate SMB file_ids leading to Windows client cache poisoning

Steven Engelhardt steven.engelhardt at relativity.com
Wed Dec 8 19:00:36 UTC 2021


>> While trying to roll out recent versions of Samba, we believe we have discovered a bug in Samba related to SMB file id generation which can lead Windows SMB clients to observe wrong data.
> 
> Could you share any test code/scripts you have for this so we can ensure we have a good regression test for this when we fix it?

Attached a few files, hope they get through.

fsutil.zip is the source code to a tool modelled after Windows' fsutil.
It allows one to retrieve the file_id for a file using a command like
`fsutil file queryfileid //hostname/share/dir1/dir2/file.txt`.  It
uses libsmb2 from https://github.com/sahlberg/libsmb2.  I would
have used libsmbclient but I couldn't figure out how to get the raw SMB
file_id from libsmbclient.

getdosattrib.zip is a command-line tool we wrote which decodes the
Samba `user.DOSATTRIB` extended attribute and displays it as a JSON
string.  We wrote this tool to make it more convenient to write
scripts and tests.

test_for_file_id_bug.zip contains some simple scripts we wrote to see
whether, if we deliberately make the itime of two files the same, Samba
will serve the files with identical SMB file ids.

Steve
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fsutil.zip
Type: application/x-zip-compressed
Size: 2913 bytes
Desc: fsutil.zip
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20211208/7a786d23/fsutil.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: test_for_file_id_bug.zip
Type: application/x-zip-compressed
Size: 1520 bytes
Desc: test_for_file_id_bug.zip
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20211208/7a786d23/test_for_file_id_bug.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: getdosattrib.zip
Type: application/x-zip-compressed
Size: 5109 bytes
Desc: getdosattrib.zip
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20211208/7a786d23/getdosattrib.bin>