Sebastian Canevari | 2 Jun 2008 17:08

RE: SMB2 create access masks

Hi Andrew,

I've just posted this response for the following forum post: http://forums.microsoft.com/msdn/ShowPost.aspx?PostID=3430474&SiteID=1&mode=1

I've been reviewing the info on the document and I would need a little clarification from you.

The mask that you are using, 0D F0 FE 00, includes one bit that's described in the document (ACCESS_SYSTEM_SECURITY 0x01000000).

It's not clear to us that you need this mask. Can you clarify what you're doing that you need it, or I'd suggest dropping the bit from the mask as I state next...

If not, I would suggest running your test with the following mask: 0C F0 FE 00

Thanks!

Sebastian Canevari
Support Escalation Engineer, US-CSS DSC PROTOCOL TEAM
7100 N Hwy 161, Irving, TX - 75039
"Las Colinas - LC2"
Tel: +1 469 775 7849
e-mail: sebastc@...
Sebastian Canevari | 3 Jun 2008 00:38

RE: SMB2 signing


Hi Tridge,

Let me tell you that the entire section has been reviewed and will more than likely look like this in upcoming versions:

...

Signing An Outgoing Message

If the client or server sending the message requires that the message be signed, it provides the message
length, the buffer containing the message, and the session key to use for signing. The following steps
describe the signing process:

1.  The sender MUST zero out the 16-byte signature field in the SMB2 Header of the message to be sent prior to
generating the signature.

2.  The sender MUST compute a 32-byte hash using HMAC-SHA256 over the entire message, including the SMB2
Header from step 1, using the session key as the signing key. The HMAC-SHA256 hash is specified in
[FIPS180-2] and [RFC2104].

3.  The high-order 16 bytes of the returned hash generated by step 2 MUST be copied into the 16-byte signature
field in the SMB2 Header in big-endian order.

Determining when a client will sign an outgoing message is specified in 3.2.4.1.1, and determining when a
server will sign an outgoing message is specified in 3.3.4.1.1.

...

To answer your questions:


tridge | 3 Jun 2008 06:34

RE: SMB2 signing

Hi Sebastian,

I got an updated MS-SMB2 spec from Thomas today at the plugfest, and
it gave the corrected SMB2 signing algorithm. I tried it this evening
and it works fine against w2008. So you can consider this one closed
(apart from ensuring the public MS-SMB2 doc gets updated)

In case anyone else on this list is interested, the working code is
here:

  http://samba.org/ftp/unpacked/samba_4_0_test/source/libcli/smb2/signing.c

Cheers, Tridge
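
The three signing steps quoted earlier in this thread, written out as an added Python example (not code from the MS-SMB2 document or from Samba's signing.c). It assumes the Signature field sits at byte offset 48 of the 64-byte SMB2 header and reads "high-order 16 bytes" as the first 16 bytes of the digest; the sample message and key are constructed.

```python
import hashlib
import hmac
import struct

SMB2_HDR_LEN = 64
SIG_OFFSET = 48  # assumed offset of the 16-byte Signature field in the header
SIG_LEN = 16

def compute_signature(message: bytes, session_key: bytes) -> bytes:
    """Return the 16-byte signature for a complete SMB2 message."""
    if len(message) < SMB2_HDR_LEN or message[:4] != b"\xfeSMB":
        raise ValueError("not an SMB2 message")
    buf = bytearray(message)
    # Step 1: zero the signature field, whatever it currently holds.
    buf[SIG_OFFSET:SIG_OFFSET + SIG_LEN] = bytes(SIG_LEN)
    # Step 2: HMAC-SHA256 over header and payload, keyed with the session key.
    digest = hmac.new(session_key, bytes(buf), hashlib.sha256).digest()
    # Step 3: keep the first 16 of the 32 digest bytes (assumed reading).
    return digest[:SIG_LEN]

def sign_message(message: bytes, session_key: bytes) -> bytes:
    """Return a copy of the message with the signature field filled in."""
    buf = bytearray(message)
    buf[SIG_OFFSET:SIG_OFFSET + SIG_LEN] = compute_signature(message, session_key)
    return bytes(buf)

def verify_message(message: bytes, session_key: bytes) -> bool:
    """Receiver side: recompute and compare in constant time."""
    try:
        expected = compute_signature(message, session_key)
    except ValueError:
        return False
    return hmac.compare_digest(message[SIG_OFFSET:SIG_OFFSET + SIG_LEN], expected)

def sample_message() -> bytes:
    # Constructed input: only ProtocolId and StructureSize are set in the header.
    hdr = bytearray(SMB2_HDR_LEN)
    struct.pack_into("<4sH", hdr, 0, b"\xfeSMB", SMB2_HDR_LEN)
    return bytes(hdr) + b"constructed payload"

if __name__ == "__main__":
    key = bytes(range(16))  # constructed session key
    signed = sign_message(sample_message(), key)
    print(signed[SIG_OFFSET:SIG_OFFSET + SIG_LEN].hex(), verify_message(signed, key))
```
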
Sebastian Canevari | 3 Jun 2008 06:59

RE: SMB2 signing

Tridge,

I'm very glad to know that you've got it working now.

You can rest assured that the updated version of the doc will be available for everyone to read as soon as it
gets ready to be published.

Thanks for the follow up.

Regards,

Sebas

Sebastian Canevari
Support Escalation Engineer, US-CSS DSC PROTOCOL TEAM
7100 N Hwy 161, Irving, TX - 75039
"Las Colinas - LC2"
Tel: +1 469 775 7849
e-mail: sebastc@...

________________________________________
From: tridge@... [tridge@...]
Sent: Monday, June 02, 2008 11:34 PM
To: Sebastian Canevari
Cc: Interoperability Documentation Help; cifs-protocol@...
Subject: RE: SMB2 signing

Hi Sebastian,

I got an updated MS-SMB2 spec from Thomas today at the plugfest, and

Stefan (metze) Metzmacher | 3 Jun 2008 08:40

Re: RE: SMB2 signing

tridge@... schrieb:
> Hi Sebastian,
> 
> I got an updated MS-SMB2 spec from Thomas today at the plugfest, and
> it gave the corrected SMB2 signing algorithm. I tried it this evening
> and it works fine against w2008. So you can consider this one closed
> (apart from ensuring the public MS-SMB2 doc gets updated)
> 
> In case anyone else on this list is interested, the working code is
> here:
> 
>   http://samba.org/ftp/unpacked/samba_4_0_test/source/libcli/smb2/signing.c

You forgot a git push?

metze

_______________________________________________
cifs-protocol mailing list
cifs-protocol@...
https://lists.samba.org/mailman/listinfo/cifs-protocol
Sebastian Canevari | 3 Jun 2008 22:13

RE: CAR - missing SMB2 SetFileInfo levels

Hi Tridge,

I wanted to let you know that I'm working on this request and that I will let you know once I have news or questions.

Thanks!

Sebas

Sebastian Canevari
Support Escalation Engineer, US-CSS DSC PROTOCOL TEAM
7100 N Hwy 161, Irving, TX - 75039
"Las Colinas - LC2"
Tel: +1 469 775 7849
e-mail: sebastc@...

-----Original Message-----
From: tridge@... [mailto:tridge@...]
Sent: Friday, May 30, 2008 8:52 PM
To: Interoperability Documentation Help
Cc: cifs-protocol@...
Subject: CAR - missing SMB2 SetFileInfo levels

Hi,

MS-SMB2 section 2.2.39 says that these are the only 12 levels for
setfileinfo:

 FileBasicInformation            4
 FileRenameInformation          10
 FileLinkInformation            11

Sebastian Canevari | 3 Jun 2008 22:13

RE: CAR - missing SMB2 GetFileInfo levels

Hi Tridge,

I wanted to let you know that I'm working on this request and that I will let you know once I have news or questions.

Thanks!

Sebas

Sebastian Canevari
Support Escalation Engineer, US-CSS DSC PROTOCOL TEAM
7100 N Hwy 161, Irving, TX - 75039
"Las Colinas - LC2"
Tel: +1 469 775 7849
e-mail: sebastc@...

-----Original Message-----
From: tridge@... [mailto:tridge@...]
Sent: Friday, May 30, 2008 9:06 PM
To: Interoperability Documentation Help
Cc: cifs-protocol@...
Subject: CAR - missing SMB2 GetFileInfo levels

Hi,

MS-SMB2 section 2.2.37 says that these are the only 19 levels for
getfileinfo:

FileBasicInformation
FileStandardInformation
FileInternalInformation

Sebastian Canevari | 3 Jun 2008 22:42

Create Context Tags


Hi Tridge,

I've just posted the following response at the forum.

Please let me know if you'll need further clarification on it.

Thanks!

Sebas

==============================

Hi Tridge,

After reviewing the document and the code, there will be a correction to the [MS-SMB2] document in upcoming
releases that will look close to the paragraph below:

3.3.5.9 Receiving an SMB2 CREATE Request

[snip]

The description contained here is for a generic create operation. Sections 3.3.5.9.1 through 3.3.5.9.7
detail server behavior when various create contexts are provided in the request, and describe how that
affects server operation. All create contexts that are not specified in 2.2.13.2 SHOULD be failed with a
STATUS_INVALID_PARAMETER error. <WB>

<WB> Windows Vista and Windows Server 2008 will not explicitly check for create contexts that are 4 bytes or larger.

Thanks again for helping us improve our documentation.

Andrew Bartlett | 5 Jun 2008 03:19

RE: How are disabled accounts handled in SNTP

On Wed, 2008-06-04 at 11:28 -0700, Richard Guthrie wrote:
> Andrew,
> 
> Would you clarify question 5 for me so I can get the correct
> information to you.  When you say "do windows clients only use the RID
> from serverauthenticate3", I take it to mean "When a windows client OS
> submits a typical SNTP request, what Trusted Domain Object and its
> associated RID is typically used to create the Key Identifier?  How is
> that TDO retrieved?"

aside from the word 'typically', I agree.  I need to understand all the
current use cases.

> Would this be a more concise representation of your question?

That seems good. 

Andrew Bartlett

--

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com


Hongwei Sun | 5 Jun 2008 22:52

Response for format of SMB2 ExtA request in create

Tridge,

I post the following response to the post: http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=3383775&SiteID=1

Response:

For the data buffer format of SMB2_CREATE_BUFFER_EA, please refer to FileFullEaInformation defined in [MS-FSCC] 2.4.15.

There are also several buffer alignment requirements regarding SMB2 EA context command you need to be aware of:

1. For a SMB2_CREATE_CONTEXT request, it must be 8-byte aligned (already documented in [MS-SMB2] 2.2.13.2).

2. Within a SMB2_CREATE_CONTEXT request, DataOffset must be 8-byte aligned (already documented in [MS-SMB2] 2.2.13.2).

3. For EA lists within SMB2_CREATE_EA_BUFFER context data buffer, NextEntryOffset must be 4-byte aligned ([MS-FSCC] 2.4.15 will be updated).

Please let us know if the problem is solved after meeting the alignment requirements above. If not, please capture network trace so we can do further investigation.

Thanks!

----------------------------------------------------------
Hongwei Sun - Support Escalation Engineer
DSC Protocol Team, Microsoft
hongweis-0li6OtcxBFHby3iVrkZq2A@public.gmane.org
Tel: 469-7757027 x 57027

-----------------------------------------------------------
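
The alignment rules listed in the message above, as an added Python example (not code from Microsoft or Samba): it builds a FileFullEaInformation list with 4-byte aligned NextEntryOffset values, wraps it in a single "ExtA" create context with DataOffset 24, and walks a received list to report misaligned or truncated entries. The field layouts are assumed from [MS-FSCC] 2.4.15 and [MS-SMB2] 2.2.13.2; the function names and EA names are hypothetical.

```python
import struct

# Assumed layout: NextEntryOffset, Flags, EaNameLength, EaValueLength (little-endian)
EA_HDR = struct.Struct("<IBBH")

def build_ea_list(entries):
    """entries: list of (name, value) byte strings -> packed EA list."""
    out = bytearray()
    for i, (name, value) in enumerate(entries):
        body = name + b"\x00" + value
        size = EA_HDR.size + len(body)
        last = i == len(entries) - 1
        padded = size if last else (size + 3) & ~3   # round up to 4 bytes
        out += EA_HDR.pack(0 if last else padded, 0, len(name), len(value))
        out += body + bytes(padded - size)
    return bytes(out)

def ea_create_context(ea_data):
    """Single create context (Next = 0) carrying the EA list."""
    name, name_off, data_off = b"ExtA", 16, 24       # 24 is a multiple of 8
    hdr = struct.pack("<IHHHHI", 0, name_off, len(name), 0, data_off, len(ea_data))
    return hdr + name + bytes(data_off - name_off - len(name)) + ea_data

def check_ea_list(buf):
    """Walk an EA list; return a list of problems (empty means well-formed)."""
    problems, off = [], 0
    while True:
        if off + EA_HDR.size > len(buf):
            problems.append(f"entry at {off}: header past end of buffer")
            break
        nxt, _flags, nlen, vlen = EA_HDR.unpack_from(buf, off)
        end = off + EA_HDR.size + nlen + 1 + vlen
        if end > len(buf):
            problems.append(f"entry at {off}: name/value past end of buffer")
            break
        if nxt == 0:
            break
        if nxt % 4:
            problems.append(f"entry at {off}: NextEntryOffset {nxt} not 4-byte aligned")
        if off + nxt < end:
            problems.append(f"entry at {off}: NextEntryOffset {nxt} overlaps entry data")
            break
        off += nxt
    return problems

if __name__ == "__main__":
    ea = build_ea_list([(b"user.a", b"12"), (b"user.b", b"x")])  # constructed EAs
    print(len(ea_create_context(ea)), check_ea_list(ea))
```
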
