Jeremy, Thanks for the request. We will work on this and let you know once we complete the investigation.
-------------------------------------------------------------------- Hongwei Sun - Sr. Support Escalation Engineer DSC Protocol Team, Microsoft hongw...@microsoft.com Tel: 469-7757027 x 57027 --------------------------------------------------------------------- -----Original Message----- From: Jeremy Allison [mailto:j...@samba.org] Sent: Thursday, June 04, 2009 1:40 PM To: Jeremy Allison Cc: Interoperability Documentation Help; cifs-proto...@samba.org Subject: Re: [Pfif] CAR: Error in SMB2 Netprot description. On Thu, Jun 04, 2009 at 11:33:41AM -0700, Jeremy Allison wrote: > Hi all, > > I believe there is an error in [MS-SMB2] — v20090521 in the > description of 2.2.4 SMB2 NEGOTIATE Response. > > At the end of this section on page 35 it says: > > "Buffer (variable): The variable-length buffer that contains the security > buffer for the response, as specified by SecurityBufferOffset and > SecurityBufferLength. The buffer MUST contain a token as produced by the GSS > protocol as specified in section 3.3.5.3." > > The "MUST" statement is incorrect. The Windows client > behavior is that if a null buffer is returned in this > field, then the client will downgrade to using raw-NTLMSSP > blobs for sessionsetup instead of SPNEGO wrapped blobs. > > I can provide proof of this as a packet trace on request. > > I think this is important to fix for the SMB2 client implementations, > which otherwise are forced to implement SPNEGO ASN.1 parsing. Sorry, should have realized - there are two more "MUSTS" which are incorrect. Section "2.2.5 SMB2 SESSION_SETUP Request" also has a MUST at the end of the section: "Buffer (variable): A variable-length buffer that contains the security buffer for the request, as specified by SecurityBufferOffset and SecurityBufferLength. The buffer MUST contain a token as produced by the GSS protocol as specified in section 3.3.5.5." and also "2.2.6 SMB2 SESSION_SETUP Response" has a MUST at the end of the section: "Buffer (variable): A variable-length buffer that contains the security buffer for the response, as specified by SecurityBufferOffset and SecurityBufferLength. The buffer MUST contain a token as produced by the GSS protocol as specified in section 3.2.5.3." The values in these buffers can be a raw NTLMSSP data blob instead of a GSS blob. No need to open a new CAR, just attach these ammendments to the existing one. Jeremy Allison, Samba Team/PFIF.
_______________________________________________ cifs-protocol mailing list cifs-protocol@cifs.org https://lists.samba.org/mailman/listinfo/cifs-protocol