On Fri, Mar 22, 2019 at 3:13 AM Andreas Hasenack andreas@canonical.com wrote:
Hello Ronnie,
On Thu, Mar 21, 2019 at 1:59 AM Ronnie Sahlberg lsahlber@redhat.com wrote:
Fix Guest/Anonymous sessions so that they work with SMB 3.11.
In git commit 6188f28 tightened the conditions and forced signing for the SMB2-TreeConnect commands as per MS-SMB2. However, this should only apply to normal user sessions and not for Guest/Anonumous sessions.
Signed-off-by: Ronnie Sahlberg lsahlber@redhat.com CC: Stable stable@vger.kernel.org
fs/cifs/smb2pdu.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index c399e09b76e6..8e4a1da95418 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -1628,9 +1628,13 @@ SMB2_tcon(const unsigned int xid, struct cifs_ses *ses, const char *tree, iov[1].iov_base = unc_path; iov[1].iov_len = unc_path_len;
/* 3.11 tcon req must be signed if not encrypted. See MS-SMB2 3.2.4.1.1 */
/*
* 3.11 tcon req must be signed if not encrypted. See MS-SMB2 3.2.4.1.1
* unless it is guest or anonymous user. See MS-SMB2 3.2.5.3.1
*/ if ((ses->server->dialect == SMB311_PROT_ID) &&
!smb3_encryption_required(tcon))
!smb3_encryption_required(tcon) &&
!(ses->session_flags & (SMB2_SESSION_FLAG_IS_GUEST|SMB2_SESSION_FLAG_IS_NULL))) req->sync_hdr.Flags |= SMB2_FLAGS_SIGNED; memset(&rqst, 0, sizeof(struct smb_rqst));
-- 2.13.6
I tried this patch with an ubuntu kernel (https://people.canonical.com/~tyhicks/disco-cifs.2/ specifically) but it didn't work, I'm still getting failures with smb3.11 and a guest mount.
Maybe I'm missing some other fix, or a more up-to-date kernel? Shall I try with a self-compiled upstream one?
Try with the current version of Steve's for-next branch plus this patch. I could reproduce the failure with 3.11 on for-next but when I added this patch then the mount was successful.
At least that would verify that the current for-net works for you (or not). There may be other things missing in older kernels that broke 3.11 guest mounts, but lets check if for-next works first.
Regards Ronnie Sahlberg
dmesg: http://paste.ubuntu.com/p/JGhCsgBVcb/
server logs (debug level 5, samba 4.10.0): log.: http://paste.ubuntu.com/p/jMDJ8DBfRM/ log.smbd: http://paste.ubuntu.com/p/Z9W5z28BP9/ smb.conf: http://paste.ubuntu.com/p/9HpSyFq8n8/