From patchwork Wed Dec 15 14:35:27 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tim Gardner X-Patchwork-Id: 1568281 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=canonical.com header.i=@canonical.com header.a=rsa-sha256 header.s=20210705 header.b=IfHvMo+U; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4JDd8P40xfz9sRK for ; Thu, 16 Dec 2021 01:35:49 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1mxVNg-0004v2-5b; Wed, 15 Dec 2021 14:35:44 +0000 Received: from smtp-relay-internal-0.internal ([10.131.114.225] helo=smtp-relay-internal-0.canonical.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1mxVNc-0004qs-5f for kernel-team@lists.ubuntu.com; Wed, 15 Dec 2021 14:35:40 +0000 Received: from mail-pl1-f197.google.com (mail-pl1-f197.google.com [209.85.214.197]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id E66B940037 for ; Wed, 15 Dec 2021 14:35:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1639578939; bh=8Afp8gPh/frqsgzGXD0Jgnpdvuap9sKvJ38GJVzpdVY=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=IfHvMo+UldvR1Ps93rezVQbcmOL2DzXJ0frnE+O0V76ZRnpgquLuGfxr4TRaD8xuv 0aOgk/jMyra6rUUqhOyhxanIsSMPisgELg+gxLJQK2T6h3crzxCC4icenj7WXzEohP nJyZzcO7japS6fw7kc4FF52VNRV2IrXZEjHGbZm36QNskqCRuXdf7FClPTCou7cJXz rgmvSaSn/sie68adi4AMruhWRZvOgi4mmL++232LcUNlsS7fNUXDupLN/4oywxF38h PU21hQcjOJMdRcN18V6aSyh/LIBCmd/tfzglktn8r/wPKiOHr/NT6wtn2uYGK6rC8n pCkYb4L8u7X5A== Received: by mail-pl1-f197.google.com with SMTP id j6-20020a17090276c600b0014377d8ede3so6514440plt.21 for ; Wed, 15 Dec 2021 06:35:39 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=8Afp8gPh/frqsgzGXD0Jgnpdvuap9sKvJ38GJVzpdVY=; b=rAkcSGg+2fE2qRL9HMBthhSKgTvHkIT6fgGoFgtVcakM1tZlLEWy5NukLZGEvlILng 3HY0CAiP3ffsmI0ILZ9vnefqnuv+6Q4pnP8MYK5AJ/hlA407c0bJiXxfPE7NM9UWnNL8 mAmQW5xeob7/GmIuumV4ZzY7YmeVMzOPC76aHrCdEKLiWU3xNdh0t1Wk4e2Ii2hIN9Wm sJWrVVqRfczKjG+gGu1yVt5m7/n3JB0BsxmH6t4HbfBSpkjsDrjVjSijHeVeYEh253gy IZmGaudasAjBDvp0/3bjPuhY7Qv3piT0xsb+O2WNNNREuuJ67fAmsiBpADLTbaba50p9 FOyQ== X-Gm-Message-State: AOAM5302V/0UvBztV4ZAgzuqrOVkGsdFJWjqjnw46byJswqacuiy0Dza 6JQ+BkQgMhoWBE8ZMG46MRgA6OsKHSp/DINDyG9nNsYKG7ujar9lWGo1HUuACtVLPfz+6IIcbho /voBzkEf/dJK/x4HXVaOFjv4oYoCixYImsyxt/X626Q== X-Received: by 2002:a05:6a00:148b:b0:4b0:9f8c:bde6 with SMTP id v11-20020a056a00148b00b004b09f8cbde6mr9389421pfu.33.1639578936192; Wed, 15 Dec 2021 06:35:36 -0800 (PST) X-Google-Smtp-Source: ABdhPJzEHcQTVZZ+WZ3RsRixVG6G495W1UCvwdFWmHp+8mjGHiRT5OKuUX9BGaWi2bWL1J5tD9PqSA== X-Received: by 2002:a05:6a00:148b:b0:4b0:9f8c:bde6 with SMTP id v11-20020a056a00148b00b004b09f8cbde6mr9389406pfu.33.1639578935871; Wed, 15 Dec 2021 06:35:35 -0800 (PST) Received: from localhost.localdomain ([69.163.84.166]) by smtp.gmail.com with ESMTPSA id h186sm2909305pfg.64.2021.12.15.06.35.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 15 Dec 2021 06:35:35 -0800 (PST) From: Tim Gardner To: kernel-team@lists.ubuntu.com Subject: [PATCH 3/3] cifs: To match file servers, make sure the server hostname matches Date: Wed, 15 Dec 2021 07:35:27 -0700 Message-Id: <20211215143527.7088-4-tim.gardner@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20211215143527.7088-1-tim.gardner@canonical.com> References: <20211215143527.7088-1-tim.gardner@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Shyam Prasad N BugLink: https://bugs.launchpad.net/bugs/1954926 commit 7be3248f313930ff3d3436d4e9ddbe9fccc1f541 upstream. We generally rely on a bunch of factors to differentiate between servers. For example, IP address, port etc. For certain server types (like Azure), it is important to make sure that the server hostname matches too, even if the both hostnames currently resolve to the same IP address. Signed-off-by: Shyam Prasad N Cc: stable@vger.kernel.org Signed-off-by: Steve French Signed-off-by: Tim Gardner [rtg - backported by the Microsoft team. They dropped changes to fs/cifs/fs_connect.[ch], added a structure tag to fs/cifs/cifsglob.h: struct smb_vol, misc changes to fs/cifs/connect.c to reflect the intent of the original upstream patch] --- fs/cifs/cifsglob.h | 1 + fs/cifs/connect.c | 38 ++++++++++++++++++++++++++++++-------- 2 files changed, 31 insertions(+), 8 deletions(-) diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index 10934d4d5ce33..9607f623c1357 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h @@ -538,6 +538,7 @@ struct smb_vol { char *username; char *password; char *domainname; + char *server_hostname; char *UNC; char *iocharset; /* local code page for mapping to and from Unicode */ char source_rfc1001_name[RFC1001_NAME_LEN_WITH_NULL]; /* clnt nb name */ diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index de188a8b282a5..dfcac2489b46b 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -1101,7 +1101,6 @@ static void clean_demultiplex_info(struct TCP_Server_Info *server) */ } - kfree(server->hostname); kfree(server); length = atomic_dec_return(&tcpSesAllocCount); @@ -1653,6 +1652,11 @@ cifs_parse_devname(const char *devname, struct smb_vol *vol) if (!pos) return -EINVAL; + /* record the server hostname */ + vol->server_hostname = kstrndup(devname + 2, pos - devname - 2, GFP_KERNEL); + if (!vol->server_hostname) + return -ENOMEM; + /* skip past delimiter */ ++pos; @@ -2510,6 +2514,12 @@ cifs_parse_mount_options(const char *mountdata, const char *devname, goto cifs_parse_mount_err; } #endif + + if (!vol->server_hostname) { + cifs_dbg(VFS, "CIFS mount error: Unable to parse server name in device string!\n"); + goto cifs_parse_mount_err; + } + if (!vol->UNC) { cifs_dbg(VFS, "CIFS mount error: No usable UNC path provided in device string!\n"); goto cifs_parse_mount_err; @@ -2712,6 +2722,9 @@ static int match_server(struct TCP_Server_Info *server, struct smb_vol *vol) if (!net_eq(cifs_net_ns(server), current->nsproxy->net_ns)) return 0; + if (strcasecmp(server->hostname, vol->server_hostname)) + return 0; + if (!match_address(server, addr, (struct sockaddr *)&vol->srcaddr)) return 0; @@ -2796,6 +2809,7 @@ cifs_put_tcp_session(struct TCP_Server_Info *server, int from_reconnect) kfree(server->session_key.response); server->session_key.response = NULL; server->session_key.len = 0; + kfree(server->hostname); task = xchg(&server->tsk, NULL); if (task) @@ -2821,14 +2835,15 @@ cifs_get_tcp_session(struct smb_vol *volume_info) goto out_err; } + tcp_ses->hostname = kstrdup(volume_info->server_hostname, GFP_KERNEL); + if (!tcp_ses->hostname) { + rc = -ENOMEM; + goto out_err; + } + tcp_ses->ops = volume_info->ops; tcp_ses->vals = volume_info->vals; cifs_set_net_ns(tcp_ses, get_net(current->nsproxy->net_ns)); - tcp_ses->hostname = extract_hostname(volume_info->UNC); - if (IS_ERR(tcp_ses->hostname)) { - rc = PTR_ERR(tcp_ses->hostname); - goto out_err_crypto_release; - } tcp_ses->noblockcnt = volume_info->rootfs; tcp_ses->noblocksnd = volume_info->noblocksnd || volume_info->rootfs; @@ -2942,8 +2957,7 @@ cifs_get_tcp_session(struct smb_vol *volume_info) out_err: if (tcp_ses) { - if (!IS_ERR(tcp_ses->hostname)) - kfree(tcp_ses->hostname); + kfree(tcp_ses->hostname); if (tcp_ses->ssocket) sock_release(tcp_ses->ssocket); kfree(tcp_ses); @@ -4272,6 +4286,7 @@ cifs_cleanup_volume_info_contents(struct smb_vol *volume_info) kfree(volume_info->username); kzfree(volume_info->password); kfree(volume_info->UNC); + kfree(volume_info->server_hostname); kfree(volume_info->domainname); kfree(volume_info->iocharset); kfree(volume_info->prepath); @@ -4541,6 +4556,12 @@ static int update_vol_info(const struct dfs_cache_tgt_iterator *tgt_it, kfree(vol->UNC); vol->UNC = new_unc; + if (fake_vol->server_hostname) { + kfree(vol->server_hostname); + vol->server_hostname = fake_vol->server_hostname; + fake_vol->server_hostname = NULL; + } + if (fake_vol->prepath) { kfree(vol->prepath); vol->prepath = fake_vol->prepath; @@ -5342,6 +5363,7 @@ cifs_construct_tcon(struct cifs_sb_info *cifs_sb, kuid_t fsuid) vol_info->linux_uid = fsuid; vol_info->cred_uid = fsuid; vol_info->UNC = master_tcon->treeName; + vol_info->server_hostname = master_tcon->ses->server->hostname; vol_info->retry = master_tcon->retry; vol_info->nocase = master_tcon->nocase; vol_info->nohandlecache = master_tcon->nohandlecache;