Home Home > GIT Browse > SLE15
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTakashi Iwai <tiwai@suse.de>2019-03-25 17:08:17 +0100
committerTakashi Iwai <tiwai@suse.de>2019-03-25 17:08:17 +0100
commitace6e8641529e8c0731afa00a74aeeb070b10e3a (patch)
tree88a40689391da4fa644dfa726ebe9791e1af8d9d
parent6cb451f1da9696c51840fb8935f903d9d8f3e638 (diff)
parent42fc847f2aea41b0cc521ca77aea49e92c5c2131 (diff)
Merge branch 'users/palcantara/SLE15/for-next' into SLE15SLE15
Pull cifs fixes from Paulo Alcantara
-rw-r--r--patches.fixes/SMB3-Fix-SMB3.1.1-guest-mounts-to-Samba.patch54
-rw-r--r--patches.fixes/cifs-allow-guest-mounts-to-work-for-smb3.11.patch43
-rw-r--r--series.conf2
3 files changed, 99 insertions, 0 deletions
diff --git a/patches.fixes/SMB3-Fix-SMB3.1.1-guest-mounts-to-Samba.patch b/patches.fixes/SMB3-Fix-SMB3.1.1-guest-mounts-to-Samba.patch
new file mode 100644
index 0000000000..5968a06ada
--- /dev/null
+++ b/patches.fixes/SMB3-Fix-SMB3.1.1-guest-mounts-to-Samba.patch
@@ -0,0 +1,54 @@
+From 8c11a607d1d9cd6e7f01fd6b03923597fb0ef95a Mon Sep 17 00:00:00 2001
+From: Steve French <stfrench@microsoft.com>
+Date: Fri, 22 Mar 2019 22:31:17 -0500
+Subject: [PATCH] SMB3: Fix SMB3.1.1 guest mounts to Samba
+Git-commit: 8c11a607d1d9cd6e7f01fd6b03923597fb0ef95a
+Patch-mainline: v5.1-rc2
+References: bsc#1051510
+
+Workaround problem with Samba responses to SMB3.1.1
+null user (guest) mounts. The server doesn't set the
+expected flag in the session setup response so we have
+to do a similar check to what is done in smb3_validate_negotiate
+where we also check if the user is a null user (but not sec=krb5
+since username might not be passed in on mount for Kerberos case).
+
+Note that the commit below tightened the conditions and forced signing
+for the SMB2-TreeConnect commands as per MS-SMB2.
+However, this should only apply to normal user sessions and not for
+cases where there is no user (even if server forgets to set the flag
+in the response) since we don't have anything useful to sign with.
+This is especially important now that the more secure SMB3.1.1 protocol
+is in the default dialect list.
+
+An earlier patch ("cifs: allow guest mounts to work for smb3.11") fixed
+the guest mounts to Windows.
+
+ Fixes: 6188f28bf608 ("Tree connect for SMB3.1.1 must be signed for non-encrypted shares")
+
+Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
+Reviewed-by: Paulo Alcantara <palcantara@suse.de>
+CC: Stable <stable@vger.kernel.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Acked-by: Paulo Alcantara <palcantar@suse.de>
+---
+ fs/cifs/smb2pdu.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/fs/cifs/smb2pdu.c
++++ b/fs/cifs/smb2pdu.c
+@@ -1421,10 +1421,13 @@ SMB2_tcon(const unsigned int xid, struct
+ /*
+ * 3.11 tcon req must be signed if not encrypted. See MS-SMB2 3.2.4.1.1
+ * unless it is guest or anonymous user. See MS-SMB2 3.2.5.3.1
++ * (Samba servers don't always set the flag so also check if null user)
+ */
+ if ((ses->server->dialect == SMB311_PROT_ID) &&
+ !encryption_required(tcon) &&
+- !(ses->session_flags & (SMB2_SESSION_FLAG_IS_GUEST|SMB2_SESSION_FLAG_IS_NULL)))
++ !(ses->session_flags &
++ (SMB2_SESSION_FLAG_IS_GUEST|SMB2_SESSION_FLAG_IS_NULL)) &&
++ ((ses->user_name != NULL) || (ses->sectype == Kerberos)))
+ req->hdr.sync_hdr.Flags |= SMB2_FLAGS_SIGNED;
+
+ inc_rfc1001_len(req, unc_path_len - 1 /* pad */);
diff --git a/patches.fixes/cifs-allow-guest-mounts-to-work-for-smb3.11.patch b/patches.fixes/cifs-allow-guest-mounts-to-work-for-smb3.11.patch
new file mode 100644
index 0000000000..b1c72447a7
--- /dev/null
+++ b/patches.fixes/cifs-allow-guest-mounts-to-work-for-smb3.11.patch
@@ -0,0 +1,43 @@
+From e71ab2aa06f731a944993120b0eef1556c63b81c Mon Sep 17 00:00:00 2001
+From: Ronnie Sahlberg <lsahlber@redhat.com>
+Date: Thu, 21 Mar 2019 14:59:02 +1000
+Subject: [PATCH] cifs: allow guest mounts to work for smb3.11
+Git-commit: e71ab2aa06f731a944993120b0eef1556c63b81c
+Patch-mainline: v5.1-rc2
+References: bsc#1051510
+
+Fix Guest/Anonymous sessions so that they work with SMB 3.11.
+
+The commit noted below tightened the conditions and forced signing for
+the SMB2-TreeConnect commands as per MS-SMB2.
+However, this should only apply to normal user sessions and not for
+Guest/Anonumous sessions.
+
+Fixes: 6188f28bf608 ("Tree connect for SMB3.1.1 must be signed for non-encrypted shares")
+
+Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
+CC: Stable <stable@vger.kernel.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Acked-by: Paulo Alcantara <palcantara@suse.de>
+---
+ fs/cifs/smb2pdu.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/fs/cifs/smb2pdu.c
++++ b/fs/cifs/smb2pdu.c
+@@ -1418,9 +1418,13 @@ SMB2_tcon(const unsigned int xid, struct
+ iov[1].iov_base = unc_path;
+ iov[1].iov_len = unc_path_len;
+
+- /* 3.11 tcon req must be signed if not encrypted. See MS-SMB2 3.2.4.1.1 */
++ /*
++ * 3.11 tcon req must be signed if not encrypted. See MS-SMB2 3.2.4.1.1
++ * unless it is guest or anonymous user. See MS-SMB2 3.2.5.3.1
++ */
+ if ((ses->server->dialect == SMB311_PROT_ID) &&
+- !encryption_required(tcon))
++ !encryption_required(tcon) &&
++ !(ses->session_flags & (SMB2_SESSION_FLAG_IS_GUEST|SMB2_SESSION_FLAG_IS_NULL)))
+ req->hdr.sync_hdr.Flags |= SMB2_FLAGS_SIGNED;
+
+ inc_rfc1001_len(req, unc_path_len - 1 /* pad */);
diff --git a/series.conf b/series.conf
index 8836748124..750f2d8344 100644
--- a/series.conf
+++ b/series.conf
@@ -21028,6 +21028,8 @@
patches.drivers/iommu-amd-fix-sg-dma_address-for-sg-offset-bigger-than-page_size
patches.drivers/iommu-vt-d-check-capability-before-disabling-protected-memory
patches.drivers/auxdisplay-hd44780-Fix-memory-leak-on-remove.patch
+ patches.fixes/cifs-allow-guest-mounts-to-work-for-smb3.11.patch
+ patches.fixes/SMB3-Fix-SMB3.1.1-guest-mounts-to-Samba.patch
patches.drivers/thermal-bcm2835-Fix-crash-in-bcm2835_thermal_debugfs.patch
# davem/net-next