On 3/18/2022 11:20 PM, Enzo Matsumiya wrote:
Hi,
The LOGOFF command response is not signed (=> signature is 0x0), but we
check it anyway, displaying "sign fail" errors in ring buffer.
What server is returning this unsigned response? Assuming it's Windows,
that is either a doc bug or (arguably) a server bug, and should be
reported before deciding how to address it here.
Tom.
As far as I checked, an explicit LOGOUT is only sent when tlink pruning
happens (i.e. TLINK_IDLE_EXPIRE expires), but we have a case of this
causing issues on production env.
I didn't find LOGOFF being a signature check exception in MS-SMB2 rev64.
Relevant sections:
2.2.7 SMB2 LOGOFF Request
2.2.8 SMB2 LOGOFF Response
3.2.5.4 Receiving an SMB2 LOGOFF Response
3.3.5.6 Receiving an SMB2 LOGOFF Request
If this is implementation defined, maybe something like this could work?
(100% untested)
--- a/fs/cifs/smb2transport.c
+++ b/fs/cifs/smb2transport.c
@@ -667,6 +667,7 @@ smb2_verify_signature(struct smb_rqst *rqst, struct
TCP_Server_Info *server)
if ((shdr->Command == SMB2_NEGOTIATE) ||
(shdr->Command == SMB2_SESSION_SETUP) ||
(shdr->Command == SMB2_OPLOCK_BREAK) ||
+ (shdr->Command == SMB2_LOGOFF) ||
server->ignore_signature ||
(!server->session_estab))
return 0;
Thoughts?
Enzo
