Message ID | CAH2r5mvEYMEUjz8BDRUumn0yGq__VntNKx-8AzWcZgCDOJQv-Q@mail.gmail.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | [SMB3] Add missing defines for new negotiate contexts | expand |
On Thu, Apr 18, 2019 at 11:06:57AM -0500, Steve French via samba-technical wrote:
> See updated MS-SMB2 - two new negotiate contexts
Link to latest update ? Is this a draft update
or a full new version ?
I got these from looking at the diff on the open specifications web site https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-SMB2/%5bMS-SMB2%5d-190313-diff.pdf On Thu, Apr 18, 2019 at 12:23 PM Jeremy Allison <jra@samba.org> wrote: > > On Thu, Apr 18, 2019 at 11:06:57AM -0500, Steve French via samba-technical wrote: > > See updated MS-SMB2 - two new negotiate contexts > > Link to latest update ? Is this a draft update > or a full new version ?
> -----Original Message----- > From: linux-cifs-owner@vger.kernel.org <linux-cifs-owner@vger.kernel.org> On > Behalf Of Jeremy Allison > Sent: Thursday, April 18, 2019 1:24 PM > To: Steve French <smfrench@gmail.com> > Cc: CIFS <linux-cifs@vger.kernel.org>; samba-technical <samba- > technical@lists.samba.org> > Subject: Re: [PATCH][SMB3] Add missing defines for new negotiate contexts > > On Thu, Apr 18, 2019 at 11:06:57AM -0500, Steve French via samba-technical > wrote: > > See updated MS-SMB2 - two new negotiate contexts > > Link to latest update ? Is this a draft update > or a full new version ? The Windows protocol documents were updated on March 13 for the upcoming "19H1" update cycle. MS-SMB2 version page, with latest, diffs, etc: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/5606ad47-5ee0-437a-817e-70c366052962 Tom.
> -----Original Message----- > From: linux-cifs-owner@vger.kernel.org <linux-cifs-owner@vger.kernel.org> On > Behalf Of Tom Talpey > Sent: Monday, April 22, 2019 8:51 AM > To: Jeremy Allison <jra@samba.org>; Steve French <smfrench@gmail.com> > Cc: CIFS <linux-cifs@vger.kernel.org>; samba-technical <samba- > technical@lists.samba.org> > Subject: RE: [PATCH][SMB3] Add missing defines for new negotiate contexts > > > -----Original Message----- > > From: linux-cifs-owner@vger.kernel.org <linux-cifs-owner@vger.kernel.org> > On > > Behalf Of Jeremy Allison > > Sent: Thursday, April 18, 2019 1:24 PM > > To: Steve French <smfrench@gmail.com> > > Cc: CIFS <linux-cifs@vger.kernel.org>; samba-technical <samba- > > technical@lists.samba.org> > > Subject: Re: [PATCH][SMB3] Add missing defines for new negotiate contexts > > > > On Thu, Apr 18, 2019 at 11:06:57AM -0500, Steve French via samba-technical > > wrote: > > > See updated MS-SMB2 - two new negotiate contexts > > > > Link to latest update ? Is this a draft update > > or a full new version ? > > The Windows protocol documents were updated on March 13 for the > upcoming "19H1" update cycle. > > MS-SMB2 version page, with latest, diffs, etc: > > https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/5606ad47-5ee0-437a-817e-70c366052962 So, there was a defect in the published spec which we just corrected, there's a new update online at the above page. The value of the new compression contextid is actually "3", but the earlier document incorrectly said "4". There were several other fixes and clarifications in the pipeline which have also been included. Redline diffs as well as the usual standard publication formats are available. Tom.
Hi Tom, >> The Windows protocol documents were updated on March 13 for the >> upcoming "19H1" update cycle. >> >> MS-SMB2 version page, with latest, diffs, etc: >> >> https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/5606ad47-5ee0-437a-817e-70c366052962 > > So, there was a defect in the published spec which we just corrected, there's a new > update online at the above page. > > The value of the new compression contextid is actually "3", but the earlier document > incorrectly said "4". There were several other fixes and clarifications in the pipeline > which have also been included. > > Redline diffs as well as the usual standard publication formats are available. There's no server behavior defined for SMB2_NETNAME_NEGOTIATE_CONTEXT_ID. If there's none, why was it added at all? metze
> -----Original Message----- > From: Stefan Metzmacher <metze@samba.org> > Sent: Thursday, May 23, 2019 9:51 AM > To: Tom Talpey <ttalpey@microsoft.com>; Jeremy Allison <jra@samba.org>; > Steve French <smfrench@gmail.com> > Cc: CIFS <linux-cifs@vger.kernel.org>; samba-technical <samba- > technical@lists.samba.org> > Subject: Re: [PATCH][SMB3] Add missing defines for new negotiate contexts > > Hi Tom, > > >> The Windows protocol documents were updated on March 13 for the > >> upcoming "19H1" update cycle. > >> > >> MS-SMB2 version page, with latest, diffs, etc: > >> > >> https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms- > smb2/5606ad47-5ee0-437a-817e-70c366052962 > > > > So, there was a defect in the published spec which we just corrected, there's a > new > > update online at the above page. > > > > The value of the new compression contextid is actually "3", but the earlier > document > > incorrectly said "4". There were several other fixes and clarifications in the > pipeline > > which have also been included. > > > > Redline diffs as well as the usual standard publication formats are available. > > There's no server behavior defined for > SMB2_NETNAME_NEGOTIATE_CONTEXT_ID. If there's none, why was it added > at all? It's an advisory payload, and can be used to direct the connection appropriately by load balancers, servers hosting multiple names, and the like. It's basically the same servername that will be presented later in SMB2_TREE_CONNECT, only it's available early, prior to any SMB3 processing. Other possible uses are for logging and diagnosis. It has no actual function in the SMB3 protocol, so apart from defining the payload it's not a matter for the MS-SMB2 document. We would hope, however, that clients will include the context when sending SMB2_NEGOTIATE. Tom.
On Thu, May 23, 2019 at 06:24:16PM +0000, Tom Talpey via samba-technical wrote: > > -----Original Message----- > > From: Stefan Metzmacher <metze@samba.org> > > Sent: Thursday, May 23, 2019 9:51 AM > > To: Tom Talpey <ttalpey@microsoft.com>; Jeremy Allison <jra@samba.org>; > > Steve French <smfrench@gmail.com> > > Cc: CIFS <linux-cifs@vger.kernel.org>; samba-technical <samba- > > technical@lists.samba.org> > > Subject: Re: [PATCH][SMB3] Add missing defines for new negotiate contexts > > > > Hi Tom, > > > > >> The Windows protocol documents were updated on March 13 for the > > >> upcoming "19H1" update cycle. > > >> > > >> MS-SMB2 version page, with latest, diffs, etc: > > >> > > >> https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms- > > smb2/5606ad47-5ee0-437a-817e-70c366052962 > > > > > > So, there was a defect in the published spec which we just corrected, there's a > > new > > > update online at the above page. > > > > > > The value of the new compression contextid is actually "3", but the earlier > > document > > > incorrectly said "4". There were several other fixes and clarifications in the > > pipeline > > > which have also been included. > > > > > > Redline diffs as well as the usual standard publication formats are available. > > > > There's no server behavior defined for > > SMB2_NETNAME_NEGOTIATE_CONTEXT_ID. If there's none, why was it added > > at all? > > It's an advisory payload, and can be used to direct the connection appropriately > by load balancers, servers hosting multiple names, and the like. It's basically the > same servername that will be presented later in SMB2_TREE_CONNECT, only it's > available early, prior to any SMB3 processing. Other possible uses are for logging > and diagnosis. > > It has no actual function in the SMB3 protocol, so apart from defining the payload > it's not a matter for the MS-SMB2 document. We would hope, however, that clients > will include the context when sending SMB2_NEGOTIATE. IMHO Looks like a reinvention of the 'netbios name' field that allowed us to do clever things with the smb.conf 'netbios alias' parameter :-).
Hi Tom, > It's an advisory payload, and can be used to direct the connection appropriately > by load balancers, servers hosting multiple names, and the like. It's basically the > same servername that will be presented later in SMB2_TREE_CONNECT, only it's > available early, prior to any SMB3 processing. Other possible uses are for logging > and diagnosis. Ok, I think it should be explicitly stated, otherwise it's a bit confusing, if it's completely missing from 3.3.5.4 Receiving an SMB2 NEGOTIATE Request. > It has no actual function in the SMB3 protocol, so apart from defining the payload > it's not a matter for the MS-SMB2 document. We would hope, however, that clients > will include the context when sending SMB2_NEGOTIATE. This might be an information leak if client or server require encryption, as the unc in the tree connect is encrypted and the negotiate value isn't. On the other side it's likely that the target principal name is already visible in a kerberos ticket or the NTLMSSP MsvAvTargetName. metze
From 137c7222c0f4abbc9ea2b2ab11c98c69e87613db Mon Sep 17 00:00:00 2001 From: Steve French <stfrench@microsoft.com> Date: Thu, 18 Apr 2019 11:03:58 -0500 Subject: [PATCH] SMB3: Add defines for new negotiate contexts See the latest MS-SMB2 protocol specification updates. These will be needed for implementing compression support on the wire for example. Signed-off-by: Steve French <stfrench@microsoft.com> --- fs/cifs/smb2pdu.c | 5 +---- fs/cifs/smb2pdu.h | 26 ++++++++++++++++++++++++++ 2 files changed, 27 insertions(+), 4 deletions(-) diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index ac92d066c724..3999ec5a6bb9 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -459,10 +459,7 @@ smb2_plain_req_init(__le16 smb2_command, struct cifs_tcon *tcon, return rc; } - -#define SMB2_PREAUTH_INTEGRITY_CAPABILITIES cpu_to_le16(1) -#define SMB2_ENCRYPTION_CAPABILITIES cpu_to_le16(2) -#define SMB2_POSIX_EXTENSIONS_AVAILABLE cpu_to_le16(0x100) +/* For explanation of negotiate contexts see MS-SMB2 section 2.2.3.1 */ static void build_preauth_ctxt(struct smb2_preauth_neg_context *pneg_ctxt) diff --git a/fs/cifs/smb2pdu.h b/fs/cifs/smb2pdu.h index bc9161a26400..e0725e98f175 100644 --- a/fs/cifs/smb2pdu.h +++ b/fs/cifs/smb2pdu.h @@ -251,6 +251,14 @@ struct smb2_negotiate_req { #define SMB2_NT_FIND 0x00100000 #define SMB2_LARGE_FILES 0x00200000 + +/* Negotiate Contexts - ContextTypes. See MS-SMB2 section 2.2.3.1 for details */ +#define SMB2_PREAUTH_INTEGRITY_CAPABILITIES cpu_to_le16(1) +#define SMB2_ENCRYPTION_CAPABILITIES cpu_to_le16(2) +#define SMB2_COMPRESSION_CAPABILITIES cpu_to_le16(4) +#define SMB2_NETNAME_NEGOTIATE_CONTEXT_ID cpu_to_le16(5) +#define SMB2_POSIX_EXTENSIONS_AVAILABLE cpu_to_le16(0x100) + struct smb2_neg_context { __le16 ContextType; __le16 DataLength; @@ -288,6 +296,24 @@ struct smb2_encryption_neg_context { __le16 Ciphers[1]; /* Ciphers[0] since only one used now */ } __packed; +/* See MS-SMB2 2.2.3.1.3 */ +#define SMB3_COMPRESS_NONE 0x0000 +#define SMB3_COMPRESS_LZNT1 0x0001 +#define SMB3_COMPRESS_LZ77 0x0002 +#define SMB3_COMPRESS_LZ77_HUFF 0x0003 + +struct smb2_compression_capabilities_context { + __le16 CompressionAlgorithmCount; + __u16 Padding; + __u32 Reserved; + __u16 CompressionAlgorithms[1]; +} __packed; + +/* + * For smb2_netname_negotiate_context_id See MS-SMB2 2.2.3.1.4. + * Its struct simply contains NetName, an array of Unicode characters + */ + #define POSIX_CTXT_DATA_LEN 16 struct smb2_posix_neg_context { __le16 ContextType; /* 0x100 */ -- 2.17.1