Re: CIFS regression mounting vers=1.0 NTLMSSP when hostname is too long
From: Paulo Alcantara
Date: Tue May 03 2022 - 21:44:58 EST
Byron Stanoszek <gandalf@xxxxxxxxx> writes:
> I would like to report a regression in the CIFS fs. Sometime between Linux 4.14
> and 5.16, mounting CIFS with option vers=1.0 (and
> CONFIG_CIFS_ALLOW_INSECURE_LEGACY=y set appropriately) with security type
> NTLMSSP stopped working for me. The server side is a Windows 2003 Server.
>
> I found that this behavior depends on the length of the Linux client's
> host+domain name (e.g. utsname()->nodename), where the mount works as long as
> the name is 16 characters or less. Anything 17 or above returns -EIO, per the
> following example:
Looks like your server is expecting the WorkstationName field in
AUTHENTICATE_MESSAGE payload to be 16 bytes long. That is, NetBIOS name
length as per rfc1001.
> I implemented a workaround using the following patch:
>
> Signed-off-by: Byron Stanoszek <gandalf@xxxxxxxxx>
> ---
> --- a/fs/cifs/cifsglob.h
> +++ b/fs/cifs/cifsglob.h
> @@ -101,7 +101,7 @@
> #define XATTR_DOS_ATTRIB "user.DOSATTRIB"
> #endif
>
> -#define CIFS_MAX_WORKSTATION_LEN (__NEW_UTS_LEN + 1) /* reasonable max for client */
> +#define CIFS_MAX_WORKSTATION_LEN 16
>
> /*
> * CIFS vfs client Status information (based on what we know.)
>
> I don't know if this patch is correct or will have any real effect outside of
> the NTLMSSP session connect sequence, but it worked in my case.
Perhaps we should be use TCP_Server_Info::workstation_RFC1001_name in
fs/cifs/sess.c:build_ntlmssp_auth_blob() instead only when connecting to
old servers by using insecure dialects -- like SMB1, in your case.