From: Stefan Metzmacher <metze@samba.org>
To: Tom Talpey <ttalpey@microsoft.com>,
Jeremy Allison <jra@samba.org>, Steve French <smfrench@gmail.com>
Cc: CIFS <linux-cifs@vger.kernel.org>,
samba-technical <samba-technical@lists.samba.org>
Subject: Re: [PATCH][SMB3] Add missing defines for new negotiate contexts
Date: Fri, 24 May 2019 12:27:26 +0200 [thread overview]
Message-ID: <edd1ac0f-abe3-58b2-09c1-736d45c3ff31@samba.org> (raw)
In-Reply-To: <CY4PR21MB014907F825DED7F5057E69E2A0010@CY4PR21MB0149.namprd21.prod.outlook.com>
[-- Attachment #1.1: Type: text/plain, Size: 1053 bytes --]
Hi Tom,
> It's an advisory payload, and can be used to direct the connection appropriately
> by load balancers, servers hosting multiple names, and the like. It's basically the
> same servername that will be presented later in SMB2_TREE_CONNECT, only it's
> available early, prior to any SMB3 processing. Other possible uses are for logging
> and diagnosis.
Ok, I think it should be explicitly stated, otherwise it's a bit
confusing, if it's completely missing from 3.3.5.4 Receiving an SMB2
NEGOTIATE Request.
> It has no actual function in the SMB3 protocol, so apart from defining the payload
> it's not a matter for the MS-SMB2 document. We would hope, however, that clients
> will include the context when sending SMB2_NEGOTIATE.
This might be an information leak if client or server require
encryption, as the unc in the tree connect is encrypted and the
negotiate value isn't. On the other side it's likely that the target
principal name is already visible in a kerberos ticket or the
NTLMSSP MsvAvTargetName.
metze
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
prev parent reply other threads:[~2019-05-24 10:27 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-18 16:06 [PATCH][SMB3] Add missing defines for new negotiate contexts Steve French
2019-04-18 17:23 ` Jeremy Allison
2019-04-18 17:33 ` Steve French
2019-04-22 15:50 ` Tom Talpey
2019-05-03 15:57 ` Tom Talpey
2019-05-23 13:51 ` Stefan Metzmacher
2019-05-23 18:24 ` Tom Talpey
2019-05-23 23:06 ` Jeremy Allison
2019-05-24 10:27 ` Stefan Metzmacher [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=edd1ac0f-abe3-58b2-09c1-736d45c3ff31@samba.org \
--to=metze@samba.org \
--cc=jra@samba.org \
--cc=linux-cifs@vger.kernel.org \
--cc=samba-technical@lists.samba.org \
--cc=smfrench@gmail.com \
--cc=ttalpey@microsoft.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).