> -----Original Message----- > From: linux-cifs-owner@xxxxxxxxxxxxxxx <linux-cifs-owner@xxxxxxxxxxxxxxx> On > Behalf Of Steve French > Sent: Wednesday, March 20, 2019 5:08 PM > To: Andreas Hasenack <andreas@xxxxxxxxxxxxx> > Cc: CIFS <linux-cifs@xxxxxxxxxxxxxxx>; Paulo Alcantara <palcantara@xxxxxxx> > Subject: Re: "Bad SMB2 signature for message" with kernel 5.0.0, works with > 4.19.0 > > I am not sure it is legal to require signing and to connect as guest. > See quote from protocol specification (MS-SMB2): > > If the SMB2_SESSION_FLAG_IS_GUEST bit is set in the SessionFlags field > of the SMB2 > SESSION_SETUP Response and if Session.SigningRequired is TRUE, this indicates > a > SESSION_SETUP failure and the connection MUST be terminated. If the > SMB2_SESSION_FLAG_IS_GUEST bit is set in the SessionFlags field of the SMB2 > SESSION_SETUP Response and if RequireMessageSigning is FALSE, > Session.SigningRequired > MUST be set to FALSE. It's even more fundamental. A guest login has no secret, and without a secret there is nothing to drive the signing algorithm. Therefore, a guest session cannot validly sign. If the client is attempting to sign as guest, that's a bug. If the server is accepting a request with an invalid signature, that's another bug. Tom.
