當(dāng)貝播放器無法通過guest訪問smb共享

adowls · 發(fā)表于 2023-11-24 13:19

本帖最后由肖元元于 2023-11-24 13:50 編輯

我使用ksmbd提供的guest共享，同一臺設(shè)備上的kodi可以正常訪問smb，當(dāng)貝播放器無法連接，提示：ipc signing is enforced but no signing is available。抓包發(fā)現(xiàn)當(dāng)貝播放器在Session Setup Request階段1要求signing，ksmbd以Session Setup Response階段2回復(fù)signed。接下來當(dāng)貝播放器在Tree Connect Request階段3是沒有signed的，而ksmbd在Tree Connect Response階段4回復(fù)signed。于是連接失敗?？煞裨黾右粋€設(shè)置開關(guān)，不要求signing？log如下：
階段1：
SMB2 (Server Message Block Protocol version 2)
SMB2 Header
      ProtocolId: 0xfe534d42
      Header Length: 64
      Credit Charge: 0
      Channel Sequence: 0
      Reserved: 0000
      Command: Session Setup (1)
      Credits requested: 1
      Flags: 0x00000000
         .... .... .... .... .... .... .... ...0 = Response: This is a REQUEST
         .... .... .... .... .... .... .... ..0. = Async command: This is a SYNC command
         .... .... .... .... .... .... .... .0.. = Chained: This pdu is NOT a chained command
         .... .... .... .... .... .... .... 0... = Signing: This pdu is NOT signed
         .... .... .... .... .... .... .000 .... = Priority: This pdu does NOT contain a PRIORITY
         ...0 .... .... .... .... .... .... .... = DFS operation: This is a normal operation
         ..0. .... .... .... .... .... .... .... = Replay operation: This is NOT a replay operation
      Chain Offset: 0x00000000
      Message ID: 3
      Process Id: 0x00000000
      Tree Id: 0x00000000
      Session Id: 0x0000000000000013 Acct:JCIFSGUEST Domain: Host:
      Signature: 00000000000000000000000000000000
      [Response in: 2153]
Session Setup Request (0x01)
      [Preauth Hash: a2cf8c53285ec77aea08e06ae5276b6364b3e25d7188151b49d349d222f01c7fcb8700e29390f52857534586d10f8133c5c1134f4787a2196b7688b1c9c4cd17]
      StructureSize: 0x0019
      Flags: 0
      Security mode: 0x02, Signing required
         .... ...0 = Signing enabled: False
         .... ..1. = Signing required: True
      Capabilities: 0x00000000
      Channel: None (0x00000000)
      Previous Session Id: 0x0000000000000000
      Blob Offset: 0x00000058
      Blob Length: 368
      Security Blob [truncated]: a182016c30820168a2820164048201604e544c4d53535000030000000000000058000000f400f40058000000000000004c010000140014004c0100000000000060010000000000006001000015828822060100000000000fc19ad95952936f8182411488182d5732db6a
         GSS-API Generic Security Service Application Program Interface

階段2:
SMB2 (Server Message Block Protocol version 2)
SMB2 Header
      ProtocolId: 0xfe534d42
      Header Length: 64
      Credit Charge: 0
      NT Status: STATUS_SUCCESS (0x00000000)
      Command: Session Setup (1)
      Credits granted: 1
      Flags: 0x00000009, Response, Signing
         .... .... .... .... .... .... .... ...1 = Response: This is a RESPONSE
         .... .... .... .... .... .... .... ..0. = Async command: This is a SYNC command
         .... .... .... .... .... .... .... .0.. = Chained: This pdu is NOT a chained command
         .... .... .... .... .... .... .... 1... = Signing: This pdu is SIGNED
         .... .... .... .... .... .... .000 .... = Priority: This pdu does NOT contain a PRIORITY
         ...0 .... .... .... .... .... .... .... = DFS operation: This is a normal operation
         ..0. .... .... .... .... .... .... .... = Replay operation: This is NOT a replay operation
      Chain Offset: 0x00000000
      Message ID: 3
      Process Id: 0x00000000
      Tree Id: 0x00000000
      Session Id: 0x0000000000000013 Acct:JCIFSGUEST Domain: Host:
      Signature: 46846b89152ff8dac5d4e84fd8faba30
      [Response to: 2152]
      [Time from request: 0.001382000 seconds]
Session Setup Response (0x01)
      [Preauth Hash: a2cf8c53285ec77aea08e06ae5276b6364b3e25d7188151b49d349d222f01c7fcb8700e29390f52857534586d10f8133c5c1134f4787a2196b7688b1c9c4cd17]
      StructureSize: 0x0009
      Session Flags: 0x0001, Guest
      Blob Offset: 0x00000048
      Blob Length: 9
      Security Blob: a1073005a0030a0100
         GSS-API Generic Security Service Application Program Interface

階段3:
SMB2 (Server Message Block Protocol version 2)
SMB2 Header
      ProtocolId: 0xfe534d42
      Header Length: 64
      Credit Charge: 0
      Channel Sequence: 0
      Reserved: 0000
      Command: Tree Connect (3)
      Credits requested: 1
      Flags: 0x00000000
         .... .... .... .... .... .... .... ...0 = Response: This is a REQUEST
         .... .... .... .... .... .... .... ..0. = Async command: This is a SYNC command
         .... .... .... .... .... .... .... .0.. = Chained: This pdu is NOT a chained command
         .... .... .... .... .... .... .... 0... = Signing: This pdu is NOT signed
         .... .... .... .... .... .... .000 .... = Priority: This pdu does NOT contain a PRIORITY
         ...0 .... .... .... .... .... .... .... = DFS operation: This is a normal operation
         ..0. .... .... .... .... .... .... .... = Replay operation: This is NOT a replay operation
      Chain Offset: 0x00000000
      Message ID: 4
      Process Id: 0x00000000
      Tree Id: 0x00000000
      Session Id: 0x0000000000000013 Acct:JCIFSGUEST Domain: Host:
      Signature: 00000000000000000000000000000000
      [Response in: 2156]
Tree Connect Request (0x03)
      StructureSize: 0x0009
      Flags: 0x0000
      Tree: \\192.168.1.1\IPC$
         Blob Offset: 0x00000048
         Blob Length: 36

階段4:
SMB2 (Server Message Block Protocol version 2)
SMB2 Header
      ProtocolId: 0xfe534d42
      Header Length: 64
      Credit Charge: 0
      NT Status: STATUS_SUCCESS (0x00000000)
      Command: Tree Connect (3)
      Credits granted: 1
      Flags: 0x00000009, Response, Signing
         .... .... .... .... .... .... .... ...1 = Response: This is a RESPONSE
         .... .... .... .... .... .... .... ..0. = Async command: This is a SYNC command
         .... .... .... .... .... .... .... .0.. = Chained: This pdu is NOT a chained command
         .... .... .... .... .... .... .... 1... = Signing: This pdu is SIGNED
         .... .... .... .... .... .... .000 .... = Priority: This pdu does NOT contain a PRIORITY
         ...0 .... .... .... .... .... .... .... = DFS operation: This is a normal operation
         ..0. .... .... .... .... .... .... .... = Replay operation: This is NOT a replay operation
      Chain Offset: 0x00000000
      Message ID: 4
      Process Id: 0x00000000
      Tree Id: 0x00000001  \\192.168.1.1\IPC$
      Session Id: 0x0000000000000013 Acct:JCIFSGUEST Domain: Host:
      Signature: 14530433742f8845e30fdc479c70c3c2
      [Response to: 2155]
      [Time from request: 0.001034000 seconds]
Tree Connect Response (0x03)
      StructureSize: 0x0010
      Share Type: Named pipe (0x02)
      Reserved: 00
      Share flags: 0x00000000
      Share Capabilities: 0x00000000
      Access Mask: 0x001f00a9

老火鍋 · 發(fā)表于 2023-11-24 13:51

是不是設(shè)備的問題啊

adowls · 發(fā)表于 2023-11-24 14:56

我用2個不同設(shè)備使用當(dāng)貝播放器故障相同；同一個設(shè)備上kodi可以訪問，當(dāng)貝播放器無法訪問。
其次，ksmbd上顯示bad smb2 signature。

adowls · 發(fā)表于 2023-11-24 15:29

抓包kodi發(fā)現(xiàn)在Session Setup Request階段1是不要求signing的
   Security mode: 0x01, Signing enabled
         .... ...1 = Signing enabled: True
         .... ..0. = Signing required: False

adowls · 發(fā)表于 2023-12-28 16:42

感謝開發(fā)團(tuán)隊(duì)1.4.4版本修復(fù)了smb共享的問題

› TV版軟件交流 › 當(dāng)貝播放器

當(dāng)貝播放器無法通過guest訪問smb共享

當(dāng)貝播放器無法通過guest訪問smb共享

相關(guān)帖子