Hi, (see : http://lists.samba.org/archive/linux-cifs-client/2008-March/002722.html) We use a Netapp filer that requires clear-text password for authentication. Old smbfs module and helper work like a charm while the new cifs ones abort connection with a 'Server Error (0x02)' (Non specific error code). The client machine runs Kubuntu 7.10 (kernel 2.6.22-14-generic) and the Cifs module v1.50 manually compiled with CONFIG_CIFS_WEAK_PW_HASH. Our server runs Data Ontap v7.1 (same error on v7.2) and is configured to authenticate users in a standalone mode, against an LDAP server (that's why we need clear-text authentication). Here are network captures : * SMBFS (connection OK) Command : smbmount //157.99.64.123/Sis /mnt/tmp -o username=martymac,netbiosname=CIFSCLT,workgroup=WORKGROUP URL : http://contribs.martymac.com/misc/net-captures/mount.smbfs-20080307.pcap * CIFS (error) Command : mount.cifs //157.99.64.123/Sis /mnt/tmp -o user=martymac,netbiosname=CIFSCLT,domain=WORKGROUP With 0x37 as SecurityFlags : URL : http://contribs.martymac.com/misc/net-captures/mount.cifs-20080307.pcap A clear-text password is requested by the server, but the client sends LANMAN hashes anyway. Connection ends with a Server Error (0x02). With more restrictive SecurityFlags (0x20020) : URL : http://contribs.martymac.com/misc/net-captures/mount.cifs-0x20020-20080312.pcap The clear-text password now appears during the 'Session Setup AndX Request' step. Unfortunately, the account used for the connection seems to be incorrect (a concatenation of the Domain, the client OS and the Lan manager without the very first letter) and there is no valid session key (0x00000000). Connection also ends with a Server Error (0x02). For both tries, Syslog shows : [10212.816000] CIFS VFS: Send error in SessSetup = -5 [10212.816000] CIFS VFS: cifs_mount failed w/return code = -5 I can provide more network traces / details if necessary... Best regards, Ganaël Laplanche.
Any news on this one?
Created attachment 3511 [details] fix to allow plaintext lanman passwords To use this requires that /proc/fs/cifs/SecurityFlags be set to 0x30030 (ie LANMAN session setup, plaintext passwords)
I have attached a patch. I briefly tested it with Samba by setting password encryption to no in smb.conf. Plaintext authentication required setting /proc/fs/cifs/SecurityFlags to 0x30030 (enabling both LANMAN and also PLAINTEXT)
This is great news. Thanks.
If I can get fix feedback fairly quickly from other users, I will request a merge with mainline before 2.6.27 if possible
Hi Steve, First of all, thanks for the patch. Unfortunately, it does not work for me (still trying to mount our netapp shares). Here is what I have done (cifs v1.52 + your patch, on gentoo, kernel 2.6.25) : # echo 0x30030 > /proc/fs/cifs/SecurityFlags # mount.cifs //157.99.64.122/sis /mnt/cifs -o user=martymac,netbiosname=CIFSCLT,domain=WORKGROUP Connection still ends with this error : Aug 28 15:39:32 <machine> CIFS VFS: Send error in SessSetup = -5 Aug 28 15:39:32 <machine> CIFS VFS: cifs_mount failed w/return code = -5 With a little bit of verbosity : # echo 1 > /proc/fs/cifs/cifsFYI Aug 28 15:40:37 <machine> fs/cifs/cifsfs.c: Devname: //157.99.64.122/sis flags: 64 Aug 28 15:40:37 <machine> fs/cifs/connect.c: CIFS VFS: in cifs_mount as Xid: 16 with uid: 0 Aug 28 15:40:37 <machine> fs/cifs/connect.c: Domain name set Aug 28 15:40:37 <machine> fs/cifs/connect.c: Username: martymac Aug 28 15:40:37 <machine> fs/cifs/netmisc.c: address conversion returned 1 for 157.99.64.122 Aug 28 15:40:37 <machine> fs/cifs/connect.c: UNC: \\157.99.64.122\sis ip: 157.99.64.122 Aug 28 15:40:37 <machine> fs/cifs/connect.c: Socket created Aug 28 15:40:37 <machine> fs/cifs/connect.c: sndbuf 16384 rcvbuf 87380 rcvtimeo 0x7fffffffffffffff Aug 28 15:40:37 <machine> fs/cifs/connect.c: Demultiplex PID: 29640 Aug 28 15:40:37 <machine> fs/cifs/connect.c: Existing smb sess not found Aug 28 15:40:37 <machine> fs/cifs/cifssmb.c: secFlags 0x30030 Aug 28 15:40:37 <machine> fs/cifs/transport.c: For smb_command 114 Aug 28 15:40:37 <machine> fs/cifs/transport.c: Sending smb of length 78 Aug 28 15:40:37 <machine> fs/cifs/connect.c: rfc1002 length 0x52 Aug 28 15:40:37 <machine> fs/cifs/cifssmb.c: Dialect: 2 Aug 28 15:40:37 <machine> fs/cifs/cifssmb.c: Max buf = 16472 Aug 28 15:40:37 <machine> fs/cifs/cifssmb.c: Signing disabled Aug 28 15:40:37 <machine> fs/cifs/cifssmb.c: negprot rc 0 Aug 28 15:40:37 <machine> fs/cifs/connect.c: Security Mode: 0x1 Capabilities: 0xd3fd TimeAdjust: -7200 Aug 28 15:40:37 <machine> fs/cifs/sess.c: sess setup type 1 Aug 28 15:40:37 <machine> fs/cifs/sess.c: Negotiating LANMAN setting up strings Aug 28 15:40:37 <machine> fs/cifs/transport.c: For smb_command 115 Aug 28 15:40:37 <machine> fs/cifs/transport.c: Sending smb: total_len 159 Aug 28 15:40:37 <machine> fs/cifs/connect.c: rfc1002 length 0x27 Aug 28 15:40:37 <machine> fs/cifs/netmisc.c: Mapping smb error code 1 to POSIX err -5 Aug 28 15:40:37 <machine> fs/cifs/misc.c: Null buffer passed to cifs_small_buf_release Aug 28 15:40:37 <machine> fs/cifs/sess.c: ssetup rc from sendrecv2 is -5 Aug 28 15:40:37 <machine> fs/cifs/sess.c: ssetup freeing small buf ffff8100679ecd40 Aug 28 15:40:37 <machine> CIFS VFS: Send error in SessSetup = -5 Aug 28 15:40:37 <machine> fs/cifs/connect.c: No session or bad tcon Aug 28 15:40:37 <machine> fs/cifs/connect.c: CIFS VFS: leaving cifs_mount (xid = 16) rc = -5 Aug 28 15:40:37 <machine> CIFS VFS: cifs_mount failed w/return code = -5 Best regards, Ganaël.
Created attachment 3512 [details] New tcpdump capture using the plaintext patch This is a network capture (pcap file) taken while trying to connect to our netapp filer using the patch previously submitted.
The NetApp filer is negotiating Unicode but LANMAN session setup is ASCII only, so following is what I am testing in order to workaround this diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c index b537fad..252fdc0 100644 --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c @@ -409,6 +409,8 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time, #ifdef CONFIG_CIFS_WEAK_PW_HASH char lnm_session_key[CIFS_SESS_KEY_SIZE]; + pSMB->req.hdr.Flags2 &= ~SMBFLG2_UNICODE; + /* no capabilities flags in old lanman negotiation */ pSMB->old_req.PasswordLength = cpu_to_le16(CIFS_SESS_KEY_SIZE);
Created attachment 3513 [details] 2nd half of patch This fixes the Unicode alignment problem with the ASCII strings during session setup lanman style. It applies on top of the previous patch
Tested and seems to fix the problem - let us know if you see any other problems. Some day I would like to add a "sec=plaintext" (or something similar to indicate forcing plaintext authentication) mount option, but don't want to add a mount option change this late in the 2.6.27 release cycle.
Great ! It works for me, thanks :) Umount step seems to be quite long (but should not be related to this bug report). I still have to investigate... Best regards, Ganaël.
long umount was caused by cifs client rejecting a malformed ulogoffX response from the NetApp filer (presumably they have fixed that in later versions) - since buffer overflow is a possibility if a client chooses not to validate internal structure lengths in responses, we chose to leave the length checks in in most cases. I don't think we were able to relax the strict length checks for this case - but the only harm is a slightly longer unmount (the cifs client closes the session when it does not get a valid response anyway) and the server may already be fixed by now. I have reported it to NetApp at least twice.
Hi Steve, Ok, thanks for clarifying this :)