Am 15.05.21 um 16:10 schrieb Namjae Jeon: > 2021-05-15 17:57 GMT+09:00, Stefan Metzmacher <metze@xxxxxxxxx>: >> >> Am 15.05.21 um 07:18 schrieb Namjae Jeon: >>> 2021-05-14 22:11 GMT+09:00, Stefan Metzmacher via Linux-cifsd-devel >>> <linux-cifsd-devel@xxxxxxxxxxxxxxxxxxxxx>: >>>> >>>> Am 14.05.21 um 14:52 schrieb Marios Makassikis: >>>>> Returning TreeID=0 is valid behaviour according to [MS-SMB2] 2.2.1.2: >>>>> >>>>> TreeId (4 bytes): Uniquely identifies the tree connect for the >>>>> command. >>>>> This MUST be 0 for the SMB2 TREE_CONNECT Request. The TreeId can be >>>>> any unsigned 32-bit integer that is received from a previous >>>>> SMB2 TREE_CONNECT Response. TreeId SHOULD be set to 0 for the >>>>> following commands: >>>>> [...] >>>>> >>>>> However, some client implementations reject it as invalid. Windows 7/10 >>>>> assigns ids starting from 1, and samba4 returns a random uint32_t >>>>> which suggests there may be other clients that consider it is >>>>> invalid behaviour. >>>>> >>>>> While here, simplify ksmbd_acquire_smb2_tid. 0xFFFF is a reserved value >>>>> for CIFS/SMB1: >>>>> [MS-CIFS] 2.2.4.50.2 >>>>> >>>>> TID (2 bytes): The newly generated Tree ID, used in subsequent CIFS >>>>> client requests to refer to a resource relative to the >>>>> SMB_Data.Bytes.Path specified in the request. Most access to the >>>>> server requires a valid TID, whether the resource is password >>>>> protected or not. The value 0xFFFF is reserved; the server MUST NOT >>>>> return a TID value of 0xFFFF. >>>>> >>>>> Signed-off-by: Marios Makassikis <mmakassikis@xxxxxxxxxx> >>>>> --- >>>>> Example library that treats zero TreeID as invalid: >>>>> >>>>> https://github.com/AgNO3/jcifs-ng/blob/master/src/main/java/jcifs/internal/smb2/tree/Smb2TreeConnectResponse.java#L201 >>>>> >>>>> mgmt/ksmbd_ida.c | 9 ++------- >>>>> 1 file changed, 2 insertions(+), 7 deletions(-) >>>>> >>>>> diff --git a/mgmt/ksmbd_ida.c b/mgmt/ksmbd_ida.c >>>>> index 7eb6476..34e0d2e 100644 >>>>> --- a/mgmt/ksmbd_ida.c >>>>> +++ b/mgmt/ksmbd_ida.c >>>>> @@ -13,19 +13,14 @@ static inline int __acquire_id(struct ida *ida, int >>>>> from, int to) >>>>> #ifdef CONFIG_SMB_INSECURE_SERVER >>>>> int ksmbd_acquire_smb1_tid(struct ida *ida) >>>>> { >>>>> - return __acquire_id(ida, 0, 0xFFFF); >>>>> + return __acquire_id(ida, 1, 0xFFFF); >>>>> } >>>>> #endif >>>>> >>>>> int ksmbd_acquire_smb2_tid(struct ida *ida) >>>>> { >>>>> - int id; >>>>> + return __acquire_id(ida, 1, 0); >>>> >>>> I think that should be __acquire_id(ida, 1, 0xFFFFFFFF) (or a lower >>>> constraint) >>>> >>>> 0xFFFFFFFF is used for compound requests to inherit the tree id from the >>>> previous request. >>> Where is it defined in the specification ? As I know, >>> SMB2_FLAGS_RELATED_OPERATIONS flags in smb header indicate inherit >>> tree id in previous request. >> >> [MS-SMB2] 3.2.4.1.4 Sending Compounded Requests >> >> ... >> >> The client MUST construct the subsequent request as it would do normally. >> For any subsequent >> requests the client MUST set SMB2_FLAGS_RELATED_OPERATIONS in the Flags >> field of the SMB2 >> header to indicate that it is using the SessionId, TreeId, and FileId >> supplied in the previous >> request (or generated by the server in processing that request). For an >> operation compounded >> with an SMB2 CREATE request, the FileId field SHOULD be set to { >> 0xFFFFFFFFFFFFFFFF, >> 0xFFFFFFFFFFFFFFFF }. >> >> This only explicitly talks about FileId and I'm not any client would do >> that, but in theory it should be possible to >> compound, the 2nd session setup request (of an anonymous authentication) >> with a tree connect request >> and an open. >> >> Which means it's the safest behavior for a server to avoid 0 and all F as >> valid id, >> there're still enough ids to use.... >> >> It also makes sure that we don't end up with very confusing network >> captures. > Okay, I have checked cifs client code like the following. > > if (request_type & CHAINED_REQUEST) { > if (!(request_type & END_OF_CHAIN)) { > /* next 8-byte aligned request */ > *total_len = DIV_ROUND_UP(*total_len, 8) * 8; > shdr->NextCommand = cpu_to_le32(*total_len); > } else /* END_OF_CHAIN */ > shdr->NextCommand = 0; > if (request_type & RELATED_REQUEST) { > shdr->Flags |= SMB2_FLAGS_RELATED_OPERATIONS; > /* > * Related requests use info from previous read request > * in chain. > */ > shdr->SessionId = 0xFFFFFFFF; > shdr->TreeId = 0xFFFFFFFF; > req->PersistentFileId = 0xFFFFFFFF; > req->VolatileFileId = 0xFFFFFFFF; > } Which seems actually wrong and should be 0xFFFFFFFFFFFFFFFF for all but TreeId... metze
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
