Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

4.3 Message Signing Example

This example illustrates the use of the CIFS message signing capability when connecting to a share.

9ae98abf-2197-4e66-a054-5dc8aded9fde

Figure 12: Message signing when connecting to a share

The example is a result of configuring a server running Windows NT Server 4.0 operating system Service Pack 6a (SP6a) both to allow and require message signing (see [ENSIGN] for information on configuring the registry for this feature), and likewise configuring a Windows NT Workstation 4.0 operating system Service Pack 6a (SP6a) client for message signing. A share from the server was then mapped to a drive letter on the client machine:

C:\> net use y: \\10.9.9.47\testshare1

FRAME 1. The first step is the negotiation request. This is the usual offer of dialects and exchange of the Flags and Flags2 fields in the SMB Header (section 2.2.3.1) of the SMB_COM_NEGOTIATE Request (section 2.2.4.52.1). The SMB_FLAGS2_SMB_SECURITY_SIGNATURE bit in the Flags2 field is cleared, and the SecuritySignature field is set to 0x0000000000000000. No security signature is generated at this stage.

FRAME 2. The negotiate response has the SMB_FLAGS2_SMB_SECURITY_SIGNATURE bit in the Flags2 field cleared, and the SecuritySignature field is set to 0x0000000000000000. No signature is generated at this stage.

FRAME 3. The next exchange takes advantage of ANDX message batching. Two requests are sent together; the first SMB_COM_SESSION_SETUP_ANDX Request (section 2.2.4.53.1) is sent along with an SMB_COM_TREE_CONNECT_ANDX Request (section 2.2.4.55.1). The SMB_FLAGS2_SMB_SECURITY_SIGNATURE bit in the Flags2 field is cleared in this request, and the SecuritySignature field is set to 0x0000000000000000. The tree connect attempt is to IPC$.

FRAME 4. The ANDX response contains a SecuritySignature field set to 0x0000000000000000, and the SMB_FLAGS2_SMB_SECURITY_SIGNATURE bit in the Flags2 field bit is cleared.

FRAME 5. Next, another ANDX request consisting of an SMB_COM_SESSION_SETUP_ANDX Request and another SMB_COM_TREE_CONNECT_ANDX Request is sent. This is the attempt to connect to the share.

FRAME 6. Note that this time, the SMB_FLAGS2_SMB_SECURITY_SIGNATURE bit in the Flags2 field is set, and the SecuritySignature field contains a valid signature. From this point on, all messages will be signed.

 
Show:
© 2014 Microsoft. All rights reserved.