发表于 2023-11-24 13:19
本帖最后由 肖元元 于 2023-11-24 13:50 编辑
我使用ksmbd提供的guest共享,同一台设备上的kodi可以正常访问smb,当贝播放器无法连接,提示:ipc signing is enforced but no signing is available。抓包发现当贝播放器在Session Setup Request阶段1要求signing,ksmbd以Session Setup Response阶段2回复signed。接下来当贝播放器在Tree Connect Request阶段3是没有signed的,而ksmbd在Tree Connect Response阶段4回复signed。于是连接失败。可否增加一个设置开关,不要求signing?log如下:
阶段1:
SMB2 (Server Message Block Protocol version 2)
SMB2 Header
ProtocolId: 0xfe534d42
Header Length: 64
Credit Charge: 0
Channel Sequence: 0
Reserved: 0000
Command: Session Setup (1)
Credits requested: 1
Flags: 0x00000000
.... .... .... .... .... .... .... ...0 = Response: This is a REQUEST
.... .... .... .... .... .... .... ..0. = Async command: This is a SYNC command
.... .... .... .... .... .... .... .0.. = Chained: This pdu is NOT a chained command
.... .... .... .... .... .... .... 0... = Signing: This pdu is NOT signed
.... .... .... .... .... .... .000 .... = Priority: This pdu does NOT contain a PRIORITY
...0 .... .... .... .... .... .... .... = DFS operation: This is a normal operation
..0. .... .... .... .... .... .... .... = Replay operation: This is NOT a replay operation
Chain Offset: 0x00000000
Message ID: 3
Process Id: 0x00000000
Tree Id: 0x00000000
Session Id: 0x0000000000000013 Acct:JCIFSGUEST Domain: Host:
Signature: 00000000000000000000000000000000
[Response in: 2153]
Session Setup Request (0x01)
[Preauth Hash: a2cf8c53285ec77aea08e06ae5276b6364b3e25d7188151b49d349d222f01c7fcb8700e29390f52857534586d10f8133c5c1134f4787a2196b7688b1c9c4cd17]
StructureSize: 0x0019
Flags: 0
Security mode: 0x02, Signing required
.... ...0 = Signing enabled: False
.... ..1. = Signing required: True
Capabilities: 0x00000000
Channel: None (0x00000000)
Previous Session Id: 0x0000000000000000
Blob Offset: 0x00000058
Blob Length: 368
Security Blob [truncated]: a182016c30820168a2820164048201604e544c4d53535000030000000000000058000000f400f40058000000000000004c010000140014004c0100000000000060010000000000006001000015828822060100000000000fc19ad95952936f8182411488182d5732db6a
GSS-API Generic Security Service Application Program Interface
阶段2:
SMB2 (Server Message Block Protocol version 2)
SMB2 Header
ProtocolId: 0xfe534d42
Header Length: 64
Credit Charge: 0
NT Status: STATUS_SUCCESS (0x00000000)
Command: Session Setup (1)
Credits granted: 1
Flags: 0x00000009, Response, Signing
.... .... .... .... .... .... .... ...1 = Response: This is a RESPONSE
.... .... .... .... .... .... .... ..0. = Async command: This is a SYNC command
.... .... .... .... .... .... .... .0.. = Chained: This pdu is NOT a chained command
.... .... .... .... .... .... .... 1... = Signing: This pdu is SIGNED
.... .... .... .... .... .... .000 .... = Priority: This pdu does NOT contain a PRIORITY
...0 .... .... .... .... .... .... .... = DFS operation: This is a normal operation
..0. .... .... .... .... .... .... .... = Replay operation: This is NOT a replay operation
Chain Offset: 0x00000000
Message ID: 3
Process Id: 0x00000000
Tree Id: 0x00000000
Session Id: 0x0000000000000013 Acct:JCIFSGUEST Domain: Host:
Signature: 46846b89152ff8dac5d4e84fd8faba30
[Response to: 2152]
[Time from request: 0.001382000 seconds]
Session Setup Response (0x01)
[Preauth Hash: a2cf8c53285ec77aea08e06ae5276b6364b3e25d7188151b49d349d222f01c7fcb8700e29390f52857534586d10f8133c5c1134f4787a2196b7688b1c9c4cd17]
StructureSize: 0x0009
Session Flags: 0x0001, Guest
Blob Offset: 0x00000048
Blob Length: 9
Security Blob: a1073005a0030a0100
GSS-API Generic Security Service Application Program Interface
阶段3:
SMB2 (Server Message Block Protocol version 2)
SMB2 Header
ProtocolId: 0xfe534d42
Header Length: 64
Credit Charge: 0
Channel Sequence: 0
Reserved: 0000
Command: Tree Connect (3)
Credits requested: 1
Flags: 0x00000000
.... .... .... .... .... .... .... ...0 = Response: This is a REQUEST
.... .... .... .... .... .... .... ..0. = Async command: This is a SYNC command
.... .... .... .... .... .... .... .0.. = Chained: This pdu is NOT a chained command
.... .... .... .... .... .... .... 0... = Signing: This pdu is NOT signed
.... .... .... .... .... .... .000 .... = Priority: This pdu does NOT contain a PRIORITY
...0 .... .... .... .... .... .... .... = DFS operation: This is a normal operation
..0. .... .... .... .... .... .... .... = Replay operation: This is NOT a replay operation
Chain Offset: 0x00000000
Message ID: 4
Process Id: 0x00000000
Tree Id: 0x00000000
Session Id: 0x0000000000000013 Acct:JCIFSGUEST Domain: Host:
Signature: 00000000000000000000000000000000
[Response in: 2156]
Tree Connect Request (0x03)
StructureSize: 0x0009
Flags: 0x0000
Tree: \\192.168.1.1\IPC$
Blob Offset: 0x00000048
Blob Length: 36
阶段4:
SMB2 (Server Message Block Protocol version 2)
SMB2 Header
ProtocolId: 0xfe534d42
Header Length: 64
Credit Charge: 0
NT Status: STATUS_SUCCESS (0x00000000)
Command: Tree Connect (3)
Credits granted: 1
Flags: 0x00000009, Response, Signing
.... .... .... .... .... .... .... ...1 = Response: This is a RESPONSE
.... .... .... .... .... .... .... ..0. = Async command: This is a SYNC command
.... .... .... .... .... .... .... .0.. = Chained: This pdu is NOT a chained command
.... .... .... .... .... .... .... 1... = Signing: This pdu is SIGNED
.... .... .... .... .... .... .000 .... = Priority: This pdu does NOT contain a PRIORITY
...0 .... .... .... .... .... .... .... = DFS operation: This is a normal operation
..0. .... .... .... .... .... .... .... = Replay operation: This is NOT a replay operation
Chain Offset: 0x00000000
Message ID: 4
Process Id: 0x00000000
Tree Id: 0x00000001 \\192.168.1.1\IPC$
Session Id: 0x0000000000000013 Acct:JCIFSGUEST Domain: Host:
Signature: 14530433742f8845e30fdc479c70c3c2
[Response to: 2155]
[Time from request: 0.001034000 seconds]
Tree Connect Response (0x03)
StructureSize: 0x0010
Share Type: Named pipe (0x02)
Reserved: 00
Share flags: 0x00000000
Share Capabilities: 0x00000000
Access Mask: 0x001f00a9
我使用ksmbd提供的guest共享,同一台设备上的kodi可以正常访问smb,当贝播放器无法连接,提示:ipc signing is enforced but no signing is available。抓包发现当贝播放器在Session Setup Request阶段1要求signing,ksmbd以Session Setup Response阶段2回复signed。接下来当贝播放器在Tree Connect Request阶段3是没有signed的,而ksmbd在Tree Connect Response阶段4回复signed。于是连接失败。可否增加一个设置开关,不要求signing?log如下:
阶段1:
SMB2 (Server Message Block Protocol version 2)
SMB2 Header
ProtocolId: 0xfe534d42
Header Length: 64
Credit Charge: 0
Channel Sequence: 0
Reserved: 0000
Command: Session Setup (1)
Credits requested: 1
Flags: 0x00000000
.... .... .... .... .... .... .... ...0 = Response: This is a REQUEST
.... .... .... .... .... .... .... ..0. = Async command: This is a SYNC command
.... .... .... .... .... .... .... .0.. = Chained: This pdu is NOT a chained command
.... .... .... .... .... .... .... 0... = Signing: This pdu is NOT signed
.... .... .... .... .... .... .000 .... = Priority: This pdu does NOT contain a PRIORITY
...0 .... .... .... .... .... .... .... = DFS operation: This is a normal operation
..0. .... .... .... .... .... .... .... = Replay operation: This is NOT a replay operation
Chain Offset: 0x00000000
Message ID: 3
Process Id: 0x00000000
Tree Id: 0x00000000
Session Id: 0x0000000000000013 Acct:JCIFSGUEST Domain: Host:
Signature: 00000000000000000000000000000000
[Response in: 2153]
Session Setup Request (0x01)
[Preauth Hash: a2cf8c53285ec77aea08e06ae5276b6364b3e25d7188151b49d349d222f01c7fcb8700e29390f52857534586d10f8133c5c1134f4787a2196b7688b1c9c4cd17]
StructureSize: 0x0019
Flags: 0
Security mode: 0x02, Signing required
.... ...0 = Signing enabled: False
.... ..1. = Signing required: True
Capabilities: 0x00000000
Channel: None (0x00000000)
Previous Session Id: 0x0000000000000000
Blob Offset: 0x00000058
Blob Length: 368
Security Blob [truncated]: a182016c30820168a2820164048201604e544c4d53535000030000000000000058000000f400f40058000000000000004c010000140014004c0100000000000060010000000000006001000015828822060100000000000fc19ad95952936f8182411488182d5732db6a
GSS-API Generic Security Service Application Program Interface
阶段2:
SMB2 (Server Message Block Protocol version 2)
SMB2 Header
ProtocolId: 0xfe534d42
Header Length: 64
Credit Charge: 0
NT Status: STATUS_SUCCESS (0x00000000)
Command: Session Setup (1)
Credits granted: 1
Flags: 0x00000009, Response, Signing
.... .... .... .... .... .... .... ...1 = Response: This is a RESPONSE
.... .... .... .... .... .... .... ..0. = Async command: This is a SYNC command
.... .... .... .... .... .... .... .0.. = Chained: This pdu is NOT a chained command
.... .... .... .... .... .... .... 1... = Signing: This pdu is SIGNED
.... .... .... .... .... .... .000 .... = Priority: This pdu does NOT contain a PRIORITY
...0 .... .... .... .... .... .... .... = DFS operation: This is a normal operation
..0. .... .... .... .... .... .... .... = Replay operation: This is NOT a replay operation
Chain Offset: 0x00000000
Message ID: 3
Process Id: 0x00000000
Tree Id: 0x00000000
Session Id: 0x0000000000000013 Acct:JCIFSGUEST Domain: Host:
Signature: 46846b89152ff8dac5d4e84fd8faba30
[Response to: 2152]
[Time from request: 0.001382000 seconds]
Session Setup Response (0x01)
[Preauth Hash: a2cf8c53285ec77aea08e06ae5276b6364b3e25d7188151b49d349d222f01c7fcb8700e29390f52857534586d10f8133c5c1134f4787a2196b7688b1c9c4cd17]
StructureSize: 0x0009
Session Flags: 0x0001, Guest
Blob Offset: 0x00000048
Blob Length: 9
Security Blob: a1073005a0030a0100
GSS-API Generic Security Service Application Program Interface
阶段3:
SMB2 (Server Message Block Protocol version 2)
SMB2 Header
ProtocolId: 0xfe534d42
Header Length: 64
Credit Charge: 0
Channel Sequence: 0
Reserved: 0000
Command: Tree Connect (3)
Credits requested: 1
Flags: 0x00000000
.... .... .... .... .... .... .... ...0 = Response: This is a REQUEST
.... .... .... .... .... .... .... ..0. = Async command: This is a SYNC command
.... .... .... .... .... .... .... .0.. = Chained: This pdu is NOT a chained command
.... .... .... .... .... .... .... 0... = Signing: This pdu is NOT signed
.... .... .... .... .... .... .000 .... = Priority: This pdu does NOT contain a PRIORITY
...0 .... .... .... .... .... .... .... = DFS operation: This is a normal operation
..0. .... .... .... .... .... .... .... = Replay operation: This is NOT a replay operation
Chain Offset: 0x00000000
Message ID: 4
Process Id: 0x00000000
Tree Id: 0x00000000
Session Id: 0x0000000000000013 Acct:JCIFSGUEST Domain: Host:
Signature: 00000000000000000000000000000000
[Response in: 2156]
Tree Connect Request (0x03)
StructureSize: 0x0009
Flags: 0x0000
Tree: \\192.168.1.1\IPC$
Blob Offset: 0x00000048
Blob Length: 36
阶段4:
SMB2 (Server Message Block Protocol version 2)
SMB2 Header
ProtocolId: 0xfe534d42
Header Length: 64
Credit Charge: 0
NT Status: STATUS_SUCCESS (0x00000000)
Command: Tree Connect (3)
Credits granted: 1
Flags: 0x00000009, Response, Signing
.... .... .... .... .... .... .... ...1 = Response: This is a RESPONSE
.... .... .... .... .... .... .... ..0. = Async command: This is a SYNC command
.... .... .... .... .... .... .... .0.. = Chained: This pdu is NOT a chained command
.... .... .... .... .... .... .... 1... = Signing: This pdu is SIGNED
.... .... .... .... .... .... .000 .... = Priority: This pdu does NOT contain a PRIORITY
...0 .... .... .... .... .... .... .... = DFS operation: This is a normal operation
..0. .... .... .... .... .... .... .... = Replay operation: This is NOT a replay operation
Chain Offset: 0x00000000
Message ID: 4
Process Id: 0x00000000
Tree Id: 0x00000001 \\192.168.1.1\IPC$
Session Id: 0x0000000000000013 Acct:JCIFSGUEST Domain: Host:
Signature: 14530433742f8845e30fdc479c70c3c2
[Response to: 2155]
[Time from request: 0.001034000 seconds]
Tree Connect Response (0x03)
StructureSize: 0x0010
Share Type: Named pipe (0x02)
Reserved: 00
Share flags: 0x00000000
Share Capabilities: 0x00000000
Access Mask: 0x001f00a9
收藏
淘帖
顶一个
踩
楼主我用2个不同设备使用当贝播放器故障相同;同一个设备上kodi可以访问,当贝播放器无法访问。
其次,ksmbd上显示bad smb2 signature。
其次,ksmbd上显示bad smb2 signature。
抓包kodi发现在Session Setup Request阶段1是不要求signing的
Security mode: 0x01, Signing enabled
.... ...1 = Signing enabled: True
.... ..0. = Signing required: False
Security mode: 0x01, Signing enabled
.... ...1 = Signing enabled: True
.... ..0. = Signing required: False
感谢开发团队1.4.4版本修复了smb共享的问题
znds.com 