Problem with connecting to SMB server in 3.9.11 kernel.

Problem with connecting to SMB server in 3.9.11 kernel.

[Ben Greear]

[-- Attachment #1: Type: text/plain, Size: 1293 bytes --]

Hello!

A customer reported problems connecting our CIFS traffic generation test gear to their SMB server.
We are using the 3.9.11+ kernel, and though it is patched, we do not have any
patches to cifs.

The OS is Fedora 14, 64-bit.

A similar system on Fedora 14, with a 3.7.10+ kernel was working, but when
we tried the 3.7.10+ kernel on the broken machine, it also failed to work.
So, it could be the SMB server itself is having issues.  (In the 3.7.10+ failure,
the server just failed to respond after "Setup andX Request AUTH message", though we
did get the TCP ack so it looks like the message was received by the server.)

I'm attaching a capture taken on the SMB server.

 From looking at this page:

http://msdn.microsoft.com/en-us/library/ff469913.aspx

It appears the problem (STATUS_UNSUCCESSFUL) is:

"The size of the extended attribute list is not correct. Check the EaErrorOffset field for the
address of the SMB_GEA structure at which the error was detected."

I did not see anything about extended attribute list in the capture, but if someone else
with more knowledge could take a look and see if they notice any problems I would be grateful.

Thanks!
Ben

-- 
Ben Greear <greearb-my8/4N5VtI7c+919tysfdA@public.gmane.org>
Candela Technologies Inc  http://www.candelatech.com


[-- Attachment #2: cifs-reject.pcap --]
[-- Type: application/vnd.tcpdump.pcap, Size: 13844 bytes --]

Re: Problem with connecting to SMB server in 3.9.11 kernel.

[Jeff Layton]

On Sat, 18 Jan 2014 09:17:32 -0800
Ben Greear <greearb-my8/4N5VtI7c+919tysfdA@public.gmane.org> wrote:

> Hello!
> 
> A customer reported problems connecting our CIFS traffic generation test gear to their SMB server.
> We are using the 3.9.11+ kernel, and though it is patched, we do not have any
> patches to cifs.
> 
> The OS is Fedora 14, 64-bit.
> 
> A similar system on Fedora 14, with a 3.7.10+ kernel was working, but when
> we tried the 3.7.10+ kernel on the broken machine, it also failed to work.
> So, it could be the SMB server itself is having issues.  (In the 3.7.10+ failure,
> the server just failed to respond after "Setup andX Request AUTH message", though we
> did get the TCP ack so it looks like the message was received by the server.)
> 
> I'm attaching a capture taken on the SMB server.
> 
>  From looking at this page:
> 
> http://msdn.microsoft.com/en-us/library/ff469913.aspx
> 
> It appears the problem (STATUS_UNSUCCESSFUL) is:
> 
> "The size of the extended attribute list is not correct. Check the EaErrorOffset field for the
> address of the SMB_GEA structure at which the error was detected."
> 
> I did not see anything about extended attribute list in the capture, but if someone else
> with more knowledge could take a look and see if they notice any problems I would be grateful.
> 
> Thanks!
> Ben
> 

There's no EA list on this call so that description isn't valid here.

AIUI, NT_STATUS_UNSUCCESSFUL is basically a generic "something went
wrong" error (sort of like EIO on POSIX). It looks like the server
doesn't like something about the request being sent, but it's tough to
know what it is.

I cc'ed Shirish though as he wrote most of that code. Maybe he has some
idea?

-- 
Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>

RE: Problem with connecting to SMB server in 3.9.11 kernel.

[Tom Talpey]

> -----Original Message-----
> From: linux-cifs-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org [mailto:linux-cifs-
> owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org] On Behalf Of Jeff Layton
> Sent: Monday, January 20, 2014 7:57 AM
> To: Ben Greear
> Cc: linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org; Amit Haval (India Bangalore); Shirish
> Pargaonkar
> Subject: Re: Problem with connecting to SMB server in 3.9.11 kernel.
> 
> On Sat, 18 Jan 2014 09:17:32 -0800
> Ben Greear <greearb-my8/4N5VtI7c+919tysfdA@public.gmane.org> wrote:
> 
> > Hello!
> >
> > A customer reported problems connecting our CIFS traffic generation test
> gear to their SMB server.
> > We are using the 3.9.11+ kernel, and though it is patched, we do not
> > have any patches to cifs.
> >
> > The OS is Fedora 14, 64-bit.
> >
> > A similar system on Fedora 14, with a 3.7.10+ kernel was working, but
> > when we tried the 3.7.10+ kernel on the broken machine, it also failed to
> work.
> > So, it could be the SMB server itself is having issues.  (In the
> > 3.7.10+ failure, the server just failed to respond after "Setup andX
> > Request AUTH message", though we did get the TCP ack so it looks like
> > the message was received by the server.)
> >
> > I'm attaching a capture taken on the SMB server.
> >
> >  From looking at this page:
> >
> > http://msdn.microsoft.com/en-us/library/ff469913.aspx
> >
> > It appears the problem (STATUS_UNSUCCESSFUL) is:
> >
> > "The size of the extended attribute list is not correct. Check the
> > EaErrorOffset field for the address of the SMB_GEA structure at which the
> error was detected."
> >
> > I did not see anything about extended attribute list in the capture,
> > but if someone else with more knowledge could take a look and see if they
> notice any problems I would be grateful.
> >
> > Thanks!
> > Ben
> >
> 
> There's no EA list on this call so that description isn't valid here.
> 
> AIUI, NT_STATUS_UNSUCCESSFUL is basically a generic "something went
> wrong" error (sort of like EIO on POSIX). It looks like the server doesn't like
> something about the request being sent, but it's tough to know what it is.

The trace Ben attached shows an authentication failure, and I don't see any TRANS2_QUERY_FILE_INFORMATION in the trace at all as Ben references. The client is still sending its SESSION_SETUP attempt. Looks like the client is attempting NTLMSSP/NTLMv2 for NICVALIDATION\administrator, and this status is resulting from the authentication and not the SMB protocol.

Microsoft Message Analyzer shows no problem with the packet structure itself, in any case. So this doesn't appear to be a malformed request.

What type of server is this? The NativeOS string is "SpinStream2", which I don't recognize.
 

RE: Problem with connecting to SMB server in 3.9.11 kernel.

[Amit Haval (India Bangalore)]

Adding our team to comment/help.

-----Original Message-----
From: Tom Talpey [mailto:ttalpey-0li6OtcxBFHby3iVrkZq2A@public.gmane.org] 
Sent: Monday, January 20, 2014 7:17 PM
To: Jeff Layton; Ben Greear
Cc: linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org; Amit Haval (India Bangalore); Shirish Pargaonkar
Subject: RE: Problem with connecting to SMB server in 3.9.11 kernel.

> -----Original Message-----
> From: linux-cifs-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org [mailto:linux-cifs- 
> owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org] On Behalf Of Jeff Layton
> Sent: Monday, January 20, 2014 7:57 AM
> To: Ben Greear
> Cc: linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org; Amit Haval (India Bangalore); Shirish 
> Pargaonkar
> Subject: Re: Problem with connecting to SMB server in 3.9.11 kernel.
> 
> On Sat, 18 Jan 2014 09:17:32 -0800
> Ben Greear <greearb-my8/4N5VtI7c+919tysfdA@public.gmane.org> wrote:
> 
> > Hello!
> >
> > A customer reported problems connecting our CIFS traffic generation 
> > test
> gear to their SMB server.
> > We are using the 3.9.11+ kernel, and though it is patched, we do not 
> > have any patches to cifs.
> >
> > The OS is Fedora 14, 64-bit.
> >
> > A similar system on Fedora 14, with a 3.7.10+ kernel was working, 
> > but when we tried the 3.7.10+ kernel on the broken machine, it also 
> > failed to
> work.
> > So, it could be the SMB server itself is having issues.  (In the 
> > 3.7.10+ failure, the server just failed to respond after "Setup andX 
> > Request AUTH message", though we did get the TCP ack so it looks 
> > like the message was received by the server.)
> >
> > I'm attaching a capture taken on the SMB server.
> >
> >  From looking at this page:
> >
> > http://msdn.microsoft.com/en-us/library/ff469913.aspx
> >
> > It appears the problem (STATUS_UNSUCCESSFUL) is:
> >
> > "The size of the extended attribute list is not correct. Check the 
> > EaErrorOffset field for the address of the SMB_GEA structure at 
> > which the
> error was detected."
> >
> > I did not see anything about extended attribute list in the capture, 
> > but if someone else with more knowledge could take a look and see if 
> > they
> notice any problems I would be grateful.
> >
> > Thanks!
> > Ben
> >
> 
> There's no EA list on this call so that description isn't valid here.
> 
> AIUI, NT_STATUS_UNSUCCESSFUL is basically a generic "something went 
> wrong" error (sort of like EIO on POSIX). It looks like the server 
> doesn't like something about the request being sent, but it's tough to know what it is.

The trace Ben attached shows an authentication failure, and I don't see any TRANS2_QUERY_FILE_INFORMATION in the trace at all as Ben references. The client is still sending its SESSION_SETUP attempt. Looks like the client is attempting NTLMSSP/NTLMv2 for NICVALIDATION\administrator, and this status is resulting from the authentication and not the SMB protocol.

Microsoft Message Analyzer shows no problem with the packet structure itself, in any case. So this doesn't appear to be a malformed request.

What type of server is this? The NativeOS string is "SpinStream2", which I don't recognize.
 

______________________________________________________________________
This email has been scanned by the Boundary Defense for Email Security System. For more information please visit http://www.apptix.com/email-security/antispam-virus
______________________________________________________________________

______________________________________________________________________
This email has been scanned by the Boundary Defense for Email Security System. For more information please visit http://www.apptix.com/email-security/antispam-virus
______________________________________________________________________

Re: Problem with connecting to SMB server in 3.9.11 kernel.

[Shirish Pargaonkar]

yes, this looks like a authentication failure.
It probably is a NetApp server.  Can any other client (e.g. Windows,
smbclient etc.) authenticate using ntlmv2/ntlmssp to this server?

SMB servers do not typically point_out/log what part of the request is
invalid, so it is little harder to figure out how the request is incorrect.


On Sat, Jan 18, 2014 at 11:17 AM, Ben Greear <greearb-my8/4N5VtI7c+919tysfdA@public.gmane.org> wrote:
> Hello!
>
> A customer reported problems connecting our CIFS traffic generation test
> gear to their SMB server.
> We are using the 3.9.11+ kernel, and though it is patched, we do not have
> any
> patches to cifs.
>
> The OS is Fedora 14, 64-bit.
>
> A similar system on Fedora 14, with a 3.7.10+ kernel was working, but when
> we tried the 3.7.10+ kernel on the broken machine, it also failed to work.
> So, it could be the SMB server itself is having issues.  (In the 3.7.10+
> failure,
> the server just failed to respond after "Setup andX Request AUTH message",
> though we
> did get the TCP ack so it looks like the message was received by the
> server.)
>
> I'm attaching a capture taken on the SMB server.
>
> From looking at this page:
>
> http://msdn.microsoft.com/en-us/library/ff469913.aspx
>
> It appears the problem (STATUS_UNSUCCESSFUL) is:
>
> "The size of the extended attribute list is not correct. Check the
> EaErrorOffset field for the
> address of the SMB_GEA structure at which the error was detected."
>
> I did not see anything about extended attribute list in the capture, but if
> someone else
> with more knowledge could take a look and see if they notice any problems I
> would be grateful.
>
> Thanks!
> Ben
>
> --
> Ben Greear <greearb-my8/4N5VtI7c+919tysfdA@public.gmane.org>
> Candela Technologies Inc  http://www.candelatech.com
>

RE: Problem with connecting to SMB server in 3.9.11 kernel.

[Amit Haval (India Bangalore)]

Adding nic-dl...

-----Original Message-----
From: Shirish Pargaonkar [mailto:shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org] 
Sent: Monday, January 20, 2014 9:24 PM
To: Ben Greear
Cc: linux-cifs; Amit Haval (India Bangalore)
Subject: Re: Problem with connecting to SMB server in 3.9.11 kernel.

yes, this looks like a authentication failure.
It probably is a NetApp server.  Can any other client (e.g. Windows, smbclient etc.) authenticate using ntlmv2/ntlmssp to this server?

SMB servers do not typically point_out/log what part of the request is invalid, so it is little harder to figure out how the request is incorrect.


On Sat, Jan 18, 2014 at 11:17 AM, Ben Greear <greearb-my8/4N5VtI7c+919tysfdA@public.gmane.org> wrote:
> Hello!
>
> A customer reported problems connecting our CIFS traffic generation 
> test gear to their SMB server.
> We are using the 3.9.11+ kernel, and though it is patched, we do not 
> have any patches to cifs.
>
> The OS is Fedora 14, 64-bit.
>
> A similar system on Fedora 14, with a 3.7.10+ kernel was working, but 
> when we tried the 3.7.10+ kernel on the broken machine, it also failed to work.
> So, it could be the SMB server itself is having issues.  (In the 
> 3.7.10+ failure, the server just failed to respond after "Setup andX 
> Request AUTH message", though we did get the TCP ack so it looks like 
> the message was received by the
> server.)
>
> I'm attaching a capture taken on the SMB server.
>
> From looking at this page:
>
> http://msdn.microsoft.com/en-us/library/ff469913.aspx
>
> It appears the problem (STATUS_UNSUCCESSFUL) is:
>
> "The size of the extended attribute list is not correct. Check the 
> EaErrorOffset field for the address of the SMB_GEA structure at which 
> the error was detected."
>
> I did not see anything about extended attribute list in the capture, 
> but if someone else with more knowledge could take a look and see if 
> they notice any problems I would be grateful.
>
> Thanks!
> Ben
>
> --
> Ben Greear <greearb-my8/4N5VtI7c+919tysfdA@public.gmane.org>
> Candela Technologies Inc  http://www.candelatech.com
>

______________________________________________________________________
This email has been scanned by the Boundary Defense for Email Security System. For more information please visit http://www.apptix.com/email-security/antispam-virus
______________________________________________________________________

______________________________________________________________________
This email has been scanned by the Boundary Defense for Email Security System. For more information please visit http://www.apptix.com/email-security/antispam-virus
______________________________________________________________________

Re: Problem with connecting to SMB server in 3.9.11 kernel.

[Shirish Pargaonkar]

I will spend more time later tonight/tomorrow but it could be related to
cifs client not using Target received in NTLMSSP Challenge response from
the server (since the bit Target Type Domain in flags is set) while
constructing NTLMSSP Authenticate message. Just a guess.


On Mon, Jan 20, 2014 at 11:34 AM, Amit Haval (India Bangalore)
<amit.haval-ZIEO9HjW1UBWk0Htik3J/w@public.gmane.org> wrote:
> Adding nic-dl...
>
> -----Original Message-----
> From: Shirish Pargaonkar [mailto:shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org]
> Sent: Monday, January 20, 2014 9:24 PM
> To: Ben Greear
> Cc: linux-cifs; Amit Haval (India Bangalore)
> Subject: Re: Problem with connecting to SMB server in 3.9.11 kernel.
>
> yes, this looks like a authentication failure.
> It probably is a NetApp server.  Can any other client (e.g. Windows, smbclient etc.) authenticate using ntlmv2/ntlmssp to this server?
>
> SMB servers do not typically point_out/log what part of the request is invalid, so it is little harder to figure out how the request is incorrect.
>
>
> On Sat, Jan 18, 2014 at 11:17 AM, Ben Greear <greearb-my8/4N5VtI7c+919tysfdA@public.gmane.org> wrote:
>> Hello!
>>
>> A customer reported problems connecting our CIFS traffic generation
>> test gear to their SMB server.
>> We are using the 3.9.11+ kernel, and though it is patched, we do not
>> have any patches to cifs.
>>
>> The OS is Fedora 14, 64-bit.
>>
>> A similar system on Fedora 14, with a 3.7.10+ kernel was working, but
>> when we tried the 3.7.10+ kernel on the broken machine, it also failed to work.
>> So, it could be the SMB server itself is having issues.  (In the
>> 3.7.10+ failure, the server just failed to respond after "Setup andX
>> Request AUTH message", though we did get the TCP ack so it looks like
>> the message was received by the
>> server.)
>>
>> I'm attaching a capture taken on the SMB server.
>>
>> From looking at this page:
>>
>> http://msdn.microsoft.com/en-us/library/ff469913.aspx
>>
>> It appears the problem (STATUS_UNSUCCESSFUL) is:
>>
>> "The size of the extended attribute list is not correct. Check the
>> EaErrorOffset field for the address of the SMB_GEA structure at which
>> the error was detected."
>>
>> I did not see anything about extended attribute list in the capture,
>> but if someone else with more knowledge could take a look and see if
>> they notice any problems I would be grateful.
>>
>> Thanks!
>> Ben
>>
>> --
>> Ben Greear <greearb-my8/4N5VtI7c+919tysfdA@public.gmane.org>
>> Candela Technologies Inc  http://www.candelatech.com
>>
>
> ______________________________________________________________________
> This email has been scanned by the Boundary Defense for Email Security System. For more information please visit http://www.apptix.com/email-security/antispam-virus
> ______________________________________________________________________
>
> ______________________________________________________________________
> This email has been scanned by the Boundary Defense for Email Security System. For more information please visit http://www.apptix.com/email-security/antispam-virus
> ______________________________________________________________________

Re: Problem with connecting to SMB server in 3.9.11 kernel.

[Ben Greear]

On 01/20/2014 07:12 PM, Shirish Pargaonkar wrote:
> I will spend more time later tonight/tomorrow but it could be related to
> cifs client not using Target received in NTLMSSP Challenge response from
> the server (since the bit Target Type Domain in flags is set) while
> constructing NTLMSSP Authenticate message. Just a guess.

Did you have any luck with this?

Thanks,
Ben

-- 
Ben Greear <greearb-my8/4N5VtI7c+919tysfdA@public.gmane.org>
Candela Technologies Inc  http://www.candelatech.com

Re: Problem with connecting to SMB server in 3.9.11 kernel.

[Shirish Pargaonkar]

I want to code to use Target Name instead of using domain name from
the avpair info received in type 2 ntlmssp challenge message from the server
to calculate ntlmv2 response within ntlmssp.
Will post a preliminary patch to try out with that code change (hopefully
in a day or two).  That is one code change I think might work.

On Thu, Jan 23, 2014 at 11:41 PM, Ben Greear <greearb-my8/4N5VtI7c+919tysfdA@public.gmane.org> wrote:
> On 01/20/2014 07:12 PM, Shirish Pargaonkar wrote:
>>
>> I will spend more time later tonight/tomorrow but it could be related to
>> cifs client not using Target received in NTLMSSP Challenge response from
>> the server (since the bit Target Type Domain in flags is set) while
>> constructing NTLMSSP Authenticate message. Just a guess.
>
>
> Did you have any luck with this?
>
> Thanks,
>
> Ben
>
> --
> Ben Greear <greearb-my8/4N5VtI7c+919tysfdA@public.gmane.org>
> Candela Technologies Inc  http://www.candelatech.com
>

Re: Problem with connecting to SMB server in 3.9.11 kernel.

[Shirish Pargaonkar]

I Was thinking perhaps client not setting either
NTLMSSP_TARGET_TYPE_SERVER  or
NTLMSSP_TARGET_TYPE_DOMAIN or
NTLMSSP_TARGET_TYPE_SHARE
(the one that server sets in type 2/challenge message)
in type 3 message  is a problem but it is not (as per page 33 in
ms-nlmp document).

cifs client should change to code Target Name instead of NetBIOS
domain name from Target Info to calculate ntlmv2 response but that is
not the problem here (because they happen to be the exact same).

Is there a way to check what kind of response this  SMB server
expects i.e. NTLMv1 or NTLMv2?  There may be a conf file on the
server effecting that.

Also, if you can provide wireshark trace for any other client besides
cifs client successfully authenticating with this server, that would be
useful too.


On Sat, Jan 18, 2014 at 11:17 AM, Ben Greear <greearb-my8/4N5VtI7c+919tysfdA@public.gmane.org> wrote:
> Hello!
>
> A customer reported problems connecting our CIFS traffic generation test
> gear to their SMB server.
> We are using the 3.9.11+ kernel, and though it is patched, we do not have
> any
> patches to cifs.
>
> The OS is Fedora 14, 64-bit.
>
> A similar system on Fedora 14, with a 3.7.10+ kernel was working, but when
> we tried the 3.7.10+ kernel on the broken machine, it also failed to work.
> So, it could be the SMB server itself is having issues.  (In the 3.7.10+
> failure,
> the server just failed to respond after "Setup andX Request AUTH message",
> though we
> did get the TCP ack so it looks like the message was received by the
> server.)
>
> I'm attaching a capture taken on the SMB server.
>
> From looking at this page:
>
> http://msdn.microsoft.com/en-us/library/ff469913.aspx
>
> It appears the problem (STATUS_UNSUCCESSFUL) is:
>
> "The size of the extended attribute list is not correct. Check the
> EaErrorOffset field for the
> address of the SMB_GEA structure at which the error was detected."
>
> I did not see anything about extended attribute list in the capture, but if
> someone else
> with more knowledge could take a look and see if they notice any problems I
> would be grateful.
>
> Thanks!
> Ben
>
> --
> Ben Greear <greearb-my8/4N5VtI7c+919tysfdA@public.gmane.org>
> Candela Technologies Inc  http://www.candelatech.com
>

Re: Problem with connecting to SMB server in 3.9.11 kernel.

[Shirish Pargaonkar]

Can you try this patch and see if it works?

diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
index e87387d..ac14d71 100644
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -450,9 +450,8 @@ int build_ntlmssp_auth_blob(unsigned char *pbuffer,
        sec_blob->WorkstationName.MaximumLength = 0;
        tmp += 2;

-       if (((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) ||
-               (ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_EXTENDED_SEC))
-                       && !calc_seckey(ses)) {
+       if ((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) &&
+                       !calc_seckey(ses)) {
                memcpy(tmp, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE);
                sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer);
                sec_blob->SessionKey.Length = cpu_to_le16(CIFS_CPHTXT_SIZE);

On Sat, Jan 18, 2014 at 11:17 AM, Ben Greear <greearb-my8/4N5VtI7c+919tysfdA@public.gmane.org> wrote:
> Hello!
>
> A customer reported problems connecting our CIFS traffic generation test
> gear to their SMB server.
> We are using the 3.9.11+ kernel, and though it is patched, we do not have
> any
> patches to cifs.
>
> The OS is Fedora 14, 64-bit.
>
> A similar system on Fedora 14, with a 3.7.10+ kernel was working, but when
> we tried the 3.7.10+ kernel on the broken machine, it also failed to work.
> So, it could be the SMB server itself is having issues.  (In the 3.7.10+
> failure,
> the server just failed to respond after "Setup andX Request AUTH message",
> though we
> did get the TCP ack so it looks like the message was received by the
> server.)
>
> I'm attaching a capture taken on the SMB server.
>
> From looking at this page:
>
> http://msdn.microsoft.com/en-us/library/ff469913.aspx
>
> It appears the problem (STATUS_UNSUCCESSFUL) is:
>
> "The size of the extended attribute list is not correct. Check the
> EaErrorOffset field for the
> address of the SMB_GEA structure at which the error was detected."
>
> I did not see anything about extended attribute list in the capture, but if
> someone else
> with more knowledge could take a look and see if they notice any problems I
> would be grateful.
>
> Thanks!
> Ben
>
> --
> Ben Greear <greearb-my8/4N5VtI7c+919tysfdA@public.gmane.org>
> Candela Technologies Inc  http://www.candelatech.com
>

Re: Problem with connecting to SMB server in 3.9.11 kernel.

[Ben Greear]

On 01/26/2014 10:07 PM, Shirish Pargaonkar wrote:
> Can you try this patch and see if it works?

We have verified that this works in our test systems.
We are just passing user=foo,password=bar in our
mount options, so hopefully that is sufficient to exercise this
code?

Thanks,
Ben

> diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
> index e87387d..ac14d71 100644
> --- a/fs/cifs/sess.c
> +++ b/fs/cifs/sess.c
> @@ -450,9 +450,8 @@ int build_ntlmssp_auth_blob(unsigned char *pbuffer,
>         sec_blob->WorkstationName.MaximumLength = 0;
>         tmp += 2;
> 
> -       if (((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) ||
> -               (ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_EXTENDED_SEC))
> -                       && !calc_seckey(ses)) {
> +       if ((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) &&
> +                       !calc_seckey(ses)) {
>                 memcpy(tmp, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE);
>                 sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer);
>                 sec_blob->SessionKey.Length = cpu_to_le16(CIFS_CPHTXT_SIZE);

-- 
Ben Greear <greearb-my8/4N5VtI7c+919tysfdA@public.gmane.org>
Candela Technologies Inc  http://www.candelatech.com

Re: Problem with connecting to SMB server in 3.9.11 kernel.

[Steve French]

username=foo is preferred

On Mon, Feb 3, 2014 at 11:54 AM, Ben Greear <greearb-my8/4N5VtI7c+919tysfdA@public.gmane.org> wrote:
> On 01/26/2014 10:07 PM, Shirish Pargaonkar wrote:
>> Can you try this patch and see if it works?
>
> We have verified that this works in our test systems.
> We are just passing user=foo,password=bar in our
> mount options, so hopefully that is sufficient to exercise this
> code?
>
> Thanks,
> Ben
>
>> diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
>> index e87387d..ac14d71 100644
>> --- a/fs/cifs/sess.c
>> +++ b/fs/cifs/sess.c
>> @@ -450,9 +450,8 @@ int build_ntlmssp_auth_blob(unsigned char *pbuffer,
>>         sec_blob->WorkstationName.MaximumLength = 0;
>>         tmp += 2;
>>
>> -       if (((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) ||
>> -               (ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_EXTENDED_SEC))
>> -                       && !calc_seckey(ses)) {
>> +       if ((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) &&
>> +                       !calc_seckey(ses)) {
>>                 memcpy(tmp, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE);
>>                 sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer);
>>                 sec_blob->SessionKey.Length = cpu_to_le16(CIFS_CPHTXT_SIZE);
>
> --
> Ben Greear <greearb-my8/4N5VtI7c+919tysfdA@public.gmane.org>
> Candela Technologies Inc  http://www.candelatech.com
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
> the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html



-- 
Thanks,

Steve

Re: Problem with connecting to SMB server in 3.9.11 kernel.

[Shirish Pargaonkar]

Thanks. Will post a patch on the mailing list.

Regards,

Shirish

On Mon, Feb 3, 2014 at 11:54 AM, Ben Greear <greearb-my8/4N5VtI7c+919tysfdA@public.gmane.org> wrote:
> On 01/26/2014 10:07 PM, Shirish Pargaonkar wrote:
>> Can you try this patch and see if it works?
>
> We have verified that this works in our test systems.
> We are just passing user=foo,password=bar in our
> mount options, so hopefully that is sufficient to exercise this
> code?
>
> Thanks,
> Ben
>
>> diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
>> index e87387d..ac14d71 100644
>> --- a/fs/cifs/sess.c
>> +++ b/fs/cifs/sess.c
>> @@ -450,9 +450,8 @@ int build_ntlmssp_auth_blob(unsigned char *pbuffer,
>>         sec_blob->WorkstationName.MaximumLength = 0;
>>         tmp += 2;
>>
>> -       if (((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) ||
>> -               (ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_EXTENDED_SEC))
>> -                       && !calc_seckey(ses)) {
>> +       if ((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) &&
>> +                       !calc_seckey(ses)) {
>>                 memcpy(tmp, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE);
>>                 sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer);
>>                 sec_blob->SessionKey.Length = cpu_to_le16(CIFS_CPHTXT_SIZE);
>
> --
> Ben Greear <greearb-my8/4N5VtI7c+919tysfdA@public.gmane.org>
> Candela Technologies Inc  http://www.candelatech.com
>