On Fri, Mar 22, 2019 at 3:13 AM Andreas Hasenack <andreas@xxxxxxxxxxxxx> wrote: > > Hello Ronnie, > > On Thu, Mar 21, 2019 at 1:59 AM Ronnie Sahlberg <lsahlber@xxxxxxxxxx> wrote: > > > > Fix Guest/Anonymous sessions so that they work with SMB 3.11. > > > > In git commit 6188f28 tightened the conditions and forced signing for > > the SMB2-TreeConnect commands as per MS-SMB2. > > However, this should only apply to normal user sessions and not for > > Guest/Anonumous sessions. > > > > Signed-off-by: Ronnie Sahlberg <lsahlber@xxxxxxxxxx> > > CC: Stable <stable@xxxxxxxxxxxxxxx> > > --- > > fs/cifs/smb2pdu.c | 8 ++++++-- > > 1 file changed, 6 insertions(+), 2 deletions(-) > > > > diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c > > index c399e09b76e6..8e4a1da95418 100644 > > --- a/fs/cifs/smb2pdu.c > > +++ b/fs/cifs/smb2pdu.c > > @@ -1628,9 +1628,13 @@ SMB2_tcon(const unsigned int xid, struct cifs_ses *ses, const char *tree, > > iov[1].iov_base = unc_path; > > iov[1].iov_len = unc_path_len; > > > > - /* 3.11 tcon req must be signed if not encrypted. See MS-SMB2 3.2.4.1.1 */ > > + /* > > + * 3.11 tcon req must be signed if not encrypted. See MS-SMB2 3.2.4.1.1 > > + * unless it is guest or anonymous user. See MS-SMB2 3.2.5.3.1 > > + */ > > if ((ses->server->dialect == SMB311_PROT_ID) && > > - !smb3_encryption_required(tcon)) > > + !smb3_encryption_required(tcon) && > > + !(ses->session_flags & (SMB2_SESSION_FLAG_IS_GUEST|SMB2_SESSION_FLAG_IS_NULL))) > > req->sync_hdr.Flags |= SMB2_FLAGS_SIGNED; > > > > memset(&rqst, 0, sizeof(struct smb_rqst)); > > -- > > 2.13.6 > > > > > I tried this patch with an ubuntu kernel > (https://people.canonical.com/~tyhicks/disco-cifs.2/ specifically) but > it didn't work, I'm still getting failures with smb3.11 and a guest > mount. > > Maybe I'm missing some other fix, or a more up-to-date kernel? Shall I > try with a self-compiled upstream one? Try with the current version of Steve's for-next branch plus this patch. I could reproduce the failure with 3.11 on for-next but when I added this patch then the mount was successful. At least that would verify that the current for-net works for you (or not). There may be other things missing in older kernels that broke 3.11 guest mounts, but lets check if for-next works first. Regards Ronnie Sahlberg > > dmesg: http://paste.ubuntu.com/p/JGhCsgBVcb/ > > server logs (debug level 5, samba 4.10.0): > log.: http://paste.ubuntu.com/p/jMDJ8DBfRM/ > log.smbd: http://paste.ubuntu.com/p/Z9W5z28BP9/ > smb.conf: http://paste.ubuntu.com/p/9HpSyFq8n8/
