From 12ddec24b42cec4804a8e819457d6eddaff59229 Mon Sep 17 00:00:00 2001 From: Warren Date: Wed, 24 Jun 2026 22:29:05 +0800 Subject: [PATCH] Fix SMB 2.x signing key: use session_base_key directly (not KDF) --- vendor/smb-server/src/handlers/session_setup.rs | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/vendor/smb-server/src/handlers/session_setup.rs b/vendor/smb-server/src/handlers/session_setup.rs index 6bd7084..c42fe64 100644 --- a/vendor/smb-server/src/handlers/session_setup.rs +++ b/vendor/smb-server/src/handlers/session_setup.rs @@ -168,7 +168,7 @@ pub async fn handle( .lock() .unwrap_or_else(|poisoned| poisoned.into_inner()); let (acceptor, raw_form) = (&pair.0, pair.1); - let lookup = |u: &str, _d: &str| -> Option { users.get(u).cloned() }; + let lookup = |u: &str, _d: &str| -> Option { users.get(&u.to_lowercase()).cloned() }; let outcome = match acceptor.authenticate(&inner_token, lookup) { Ok(o) => o, Err(e) => { @@ -186,9 +186,14 @@ pub async fn handle( let session_base_key = outcome.session_key; let dialect = *conn.dialect.read().await; + // Signing key derivation per MS-SMB2 ยง3.1.4.1: + // - SMB 2.0.2/2.1: signing_key = session_base_key (direct, HMAC-SHA256) + // - SMB 3.0/3.0.2: signing_key = SMB2_kdf(session_key, "SMB2AESCMAC", "SmbSign") (AES-CMAC) + // - SMB 3.1.1: signing_key derived later with preauth hash let signing_key = match dialect { - Some(Dialect::Smb311) => [0u8; 16], - Some(_) => signing_key_30(&session_base_key), + Some(Dialect::Smb311) => [0u8; 16], // Derived in dispatch with preauth hash + Some(Dialect::Smb300) | Some(Dialect::Smb302) => signing_key_30(&session_base_key), + Some(Dialect::Smb202) | Some(Dialect::Smb210) | Some(Dialect::Smb2Wildcard) => session_base_key, // Direct for SMB 2.x None => return HandlerResponse::err(ntstatus::STATUS_INVALID_PARAMETER), };