| Message ID | 1548118005-18670-1-git-send-email-linkinjeon@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | cifs: Accept validate negotiate if server return NT_STATUS_NOT_SUPPORTED | expand |
> -----Original Message----- > From: linux-cifs-owner@vger.kernel.org <linux-cifs-owner@vger.kernel.org> On > Behalf Of Namjae Jeon > Sent: Monday, January 21, 2019 4:47 PM > To: smfrench@gmail.com; linux-cifs@vger.kernel.org > Cc: namjae.jeon@samsung.com; Namjae Jeon <linkinjeon@gmail.com> > Subject: [PATCH] cifs: Accept validate negotiate if server return > NT_STATUS_NOT_SUPPORTED > > Old windows version or Netapp SMB server will return > NT_STATUS_NOT_SUPPORTED since they do not allow or implement > FSCTL_VALIDATE_NEGOTIATE_INFO. The client should accept the response > provided it's properly signed. The value of any error in the validate negotiate response is only important if it's STATUS_ACCESS DENIED. Any other signed error is acceptable, so your test shouldn't be so specific. The blog reference you point to is just a blog and it's almost 8 years old. I recommend you read the full spec: Sending validate negotiate (part of Tree Connect processing): https://msdn.microsoft.com/en-us/library/cc246687.aspx Processing validate negotiate response: https://msdn.microsoft.com/en-us/library/hh880630.aspx Apparently this also applies to the libcli-smb2 component, based on the Bugzilla? > > See > https://blogs.msdn.microsoft.com/openspecification/2012/06/28/smb3-secure-dialect-negotiation/ > > Samba client had already handled it. > https://bugzilla.samba.org/attachment.cgi?id=13285&action=edit > > Signed-off-by: Namjae Jeon <linkinjeon@gmail.com> > --- > fs/cifs/smb2pdu.c | 10 ++++++++-- > 1 file changed, 8 insertions(+), 2 deletions(-) > > diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c > index 0af87bd..c9e6def 100644 > --- a/fs/cifs/smb2pdu.c > +++ b/fs/cifs/smb2pdu.c > @@ -986,8 +986,14 @@ int smb3_validate_negotiate(const unsigned int xid, > struct cifs_tcon *tcon) > rc = SMB2_ioctl(xid, tcon, NO_FILE_ID, NO_FILE_ID, > FSCTL_VALIDATE_NEGOTIATE_INFO, true /* is_fsctl */, > (char *)pneg_inbuf, inbuflen, (char **)&pneg_rsp, &rsplen); > - > - if (rc != 0) { > + if (rc == -EOPNOTSUPP) { > + /* > + * Old Windows versions or Netapp SMB server can return > + * not supported error. Client should accept it. > + */ > + cifs_dbg(VFS, "Accept validate negotiate: not supported > error\n"); > + return 0; > + } else if (rc != 0) { > cifs_dbg(VFS, "validate protocol negotiate failed: %d\n", rc); > rc = -EIO; > goto out_free_inbuf; > -- > 2.7.0
> > -----Original Message----- > > From: linux-cifs-owner@vger.kernel.org <linux-cifs-owner@vger.kernel.org> > On > > Behalf Of Namjae Jeon > > Sent: Monday, January 21, 2019 4:47 PM > > To: smfrench@gmail.com; linux-cifs@vger.kernel.org > > Cc: namjae.jeon@samsung.com; Namjae Jeon <linkinjeon@gmail.com> > > Subject: [PATCH] cifs: Accept validate negotiate if server return > > NT_STATUS_NOT_SUPPORTED > > > > Old windows version or Netapp SMB server will return > > NT_STATUS_NOT_SUPPORTED since they do not allow or implement > > FSCTL_VALIDATE_NEGOTIATE_INFO. The client should accept the response > > provided it's properly signed. > > The value of any error in the validate negotiate response is only important > if > it's STATUS_ACCESS DENIED. Any other signed error is acceptable, so your > test > shouldn't be so specific. > > The blog reference you point to is just a blog and it's almost 8 years old. > I recommend > you read the full spec: > > Sending validate negotiate (part of Tree Connect processing): > https://msdn.microsoft.com/en-us/library/cc246687.aspx > > Processing validate negotiate response: > https://msdn.microsoft.com/en-us/library/hh880630.aspx Okay, Thanks for sharing information. Acutally I had read it before. MS blog and samba confuse me, I wonder what is correct. I tested it with Windows 10 as well as samba client. They have been allowing connecting such servers which returning not support error about validate negotiate ioctl. > > Apparently this also applies to the libcli-smb2 component, based on the > Bugzilla? Yep, See --------------------------------->8------------------------------------------------------------- libcli/smb/smbXcli_base.c static void smb2cli_validate_negotiate_info_done(struct tevent_req *subreq) { ... if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) { /* * The response was signed, but not supported * * This might be returned by older Windows versions or by * NetApp SMB server implementations. * * See * * https://blogs.msdn.microsoft.com/openspecification/2012/06/28/smb3-secure-dialect-negotiation/ * */ tevent_req_done(req); return; } if (tevent_req_nterror(req, status)) { return; } -------------------------------------------------------------------------------------------------------- Thanks! > > > > > > See > > https://blogs.msdn.microsoft.com/openspecification/2012/06/28/smb3-secure- > dialect-negotiation/ > > > > Samba client had already handled it. > > https://bugzilla.samba.org/attachment.cgi?id=13285&action=edit > > > > Signed-off-by: Namjae Jeon <linkinjeon@gmail.com> > > --- > > fs/cifs/smb2pdu.c | 10 ++++++++-- > > 1 file changed, 8 insertions(+), 2 deletions(-) > > > > diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c > > index 0af87bd..c9e6def 100644 > > --- a/fs/cifs/smb2pdu.c > > +++ b/fs/cifs/smb2pdu.c > > @@ -986,8 +986,14 @@ int smb3_validate_negotiate(const unsigned int xid, > > struct cifs_tcon *tcon) > > rc = SMB2_ioctl(xid, tcon, NO_FILE_ID, NO_FILE_ID, > > FSCTL_VALIDATE_NEGOTIATE_INFO, true /* is_fsctl */, > > (char *)pneg_inbuf, inbuflen, (char **)&pneg_rsp, &rsplen); > > - > > - if (rc != 0) { > > + if (rc == -EOPNOTSUPP) { > > + /* > > + * Old Windows versions or Netapp SMB server can return > > + * not supported error. Client should accept it. > > + */ > > + cifs_dbg(VFS, "Accept validate negotiate: not supported > > error\n"); > > + return 0; > > + } else if (rc != 0) { > > cifs_dbg(VFS, "validate protocol negotiate failed: %d\n", rc); > > rc = -EIO; > > goto out_free_inbuf; > > -- > > 2.7.0
diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 0af87bd..c9e6def 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -986,8 +986,14 @@ int smb3_validate_negotiate(const unsigned int xid, struct cifs_tcon *tcon) rc = SMB2_ioctl(xid, tcon, NO_FILE_ID, NO_FILE_ID, FSCTL_VALIDATE_NEGOTIATE_INFO, true /* is_fsctl */, (char *)pneg_inbuf, inbuflen, (char **)&pneg_rsp, &rsplen); - - if (rc != 0) { + if (rc == -EOPNOTSUPP) { + /* + * Old Windows versions or Netapp SMB server can return + * not supported error. Client should accept it. + */ + cifs_dbg(VFS, "Accept validate negotiate: not supported error\n"); + return 0; + } else if (rc != 0) { cifs_dbg(VFS, "validate protocol negotiate failed: %d\n", rc); rc = -EIO; goto out_free_inbuf;
Old windows version or Netapp SMB server will return NT_STATUS_NOT_SUPPORTED since they do not allow or implement FSCTL_VALIDATE_NEGOTIATE_INFO. The client should accept the response provided it's properly signed. See https://blogs.msdn.microsoft.com/openspecification/2012/06/28/smb3-secure-dialect-negotiation/ Samba client had already handled it. https://bugzilla.samba.org/attachment.cgi?id=13285&action=edit Signed-off-by: Namjae Jeon <linkinjeon@gmail.com> --- fs/cifs/smb2pdu.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-)