summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSteve French <stfrench@microsoft.com>2019-03-22 22:31:17 -0500
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2019-03-27 14:14:41 +0900
commit38bd575b9aef70c54a2fc9559b01f077b335aaa4 (patch)
tree46642fedf5d30b7aa651adabac996f2a826fc34b
parentaacf2cc814c2dc45494945c4c485abe8699a3a50 (diff)
downloadlinux-stable-38bd575b9aef70c54a2fc9559b01f077b335aaa4.tar.gz
linux-stable-38bd575b9aef70c54a2fc9559b01f077b335aaa4.tar.bz2
linux-stable-38bd575b9aef70c54a2fc9559b01f077b335aaa4.zip
SMB3: Fix SMB3.1.1 guest mounts to Samba
commit 8c11a607d1d9cd6e7f01fd6b03923597fb0ef95a upstream. Workaround problem with Samba responses to SMB3.1.1 null user (guest) mounts. The server doesn't set the expected flag in the session setup response so we have to do a similar check to what is done in smb3_validate_negotiate where we also check if the user is a null user (but not sec=krb5 since username might not be passed in on mount for Kerberos case). Note that the commit below tightened the conditions and forced signing for the SMB2-TreeConnect commands as per MS-SMB2. However, this should only apply to normal user sessions and not for cases where there is no user (even if server forgets to set the flag in the response) since we don't have anything useful to sign with. This is especially important now that the more secure SMB3.1.1 protocol is in the default dialect list. An earlier patch ("cifs: allow guest mounts to work for smb3.11") fixed the guest mounts to Windows. Fixes: 6188f28bf608 ("Tree connect for SMB3.1.1 must be signed for non-encrypted shares") Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com> Reviewed-by: Paulo Alcantara <palcantara@suse.de> CC: Stable <stable@vger.kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r--fs/cifs/smb2pdu.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index 3d8db0504f5c..3d0db37d64ad 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -1503,10 +1503,13 @@ SMB2_tcon(const unsigned int xid, struct cifs_ses *ses, const char *tree,
/*
* 3.11 tcon req must be signed if not encrypted. See MS-SMB2 3.2.4.1.1
* unless it is guest or anonymous user. See MS-SMB2 3.2.5.3.1
+ * (Samba servers don't always set the flag so also check if null user)
*/
if ((ses->server->dialect == SMB311_PROT_ID) &&
!smb3_encryption_required(tcon) &&
- !(ses->session_flags & (SMB2_SESSION_FLAG_IS_GUEST|SMB2_SESSION_FLAG_IS_NULL)))
+ !(ses->session_flags &
+ (SMB2_SESSION_FLAG_IS_GUEST|SMB2_SESSION_FLAG_IS_NULL)) &&
+ ((ses->user_name != NULL) || (ses->sectype == Kerberos)))
req->sync_hdr.Flags |= SMB2_FLAGS_SIGNED;
memset(&rqst, 0, sizeof(struct smb_rqst));