All of lore.kernel.org
 help / color / mirror / Atom feed
From: Aurelien Aptel <aaptel-IBi9RG/b67k@public.gmane.org>
To: linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Cc: Aurelien Aptel <aaptel-IBi9RG/b67k@public.gmane.org>
Subject: [PATCH v3 0/7] Add support for DFS in SMB2+
Date: Tue, 28 Feb 2017 19:40:27 +0100	[thread overview]
Message-ID: <20170228184034.18771-1-aaptel@suse.com> (raw)

This series of patch tries to implement the get_dfs_refer operation
for SMB2+.

In SMB2+, DFS resolving is now done through an FSCTL (patch #7). The
relevant Microsoft specifications for this are:

MS-SMB2: 3.2.4.20   Application Requests an IO Control Code Operation
MS-SMB2: 3.2.4.20.3 Application Requests DFS Referral Information
MS-SMB2: 3.2.5.14   Receiving an SMB2 IOCTL Response
MS-SMB2: 3.2.5.14.4 Handling a DFS Referral Information Response

MS-DFSC: 2.2  Message Syntax (but really the whole document is useful)

The DFS response payload however is identical. Patch #1 moves the
DFS response parsing out of SMB1 code and makes it work on any version
of SMB.

DFS code has 2 "main" entry points: initial mounting and automount
(when a DFS link is accessed/traversed).

When automounting, cifs.ko calls build_path_from_dentry() which only
makes treename-prefixed paths when the tcon has the
SMB_IN_DFS_SHARE. This flag is checked in tcon->Flags which is never
touched by SMB2 code as it sets tcon->share_flags on connexion.

* CIFS requires to prefix all pathnames with the treename prefix when
  connected to a DFS server, so the current build_path_from_dentry()
  makes sense for CIFS. 
* For SMB2+ it seems only the Create request requires the treename
  prefix. Simply making the function check for both CIFS SMB2+ flag
  for DFS to add a prefix does not work as the server has different
  expectations about which packet can have/require a DFS pathname.

Patch #2 adds build_path_from_dentry_optional_prefix() with an extra
bool arg to decide to prefix or not. The automount code path always
ask for it. Patch #6 modifies SMB2_open() to add the treename prefix
to the given path if the server requires it.

We try to use an IPC connection first for the DFS request. Patch #3
adds a flag to SMB2_ioctl() to force the usage of ipc_tid. The SMB2
get_dfs_refer operation tries with the flag set and fallback to a
share connection if that doesn't work.

Patch #4 updates the type of ipc_tid from u16 to u32 as that is what a
Tid is in SMB2+. This is correct and really needed since in SMB2 Samba
doesn't use sequential tree id but random ones in the 32bit space.

As part of the mouting process a IPC tcon is made (I suspect we don't
need it anymore in SMB3). This tcon doesn't respect the signing
requirement. This is fixed by patch #5.

Finally the SMB2+ implementation of the get_dfs_referral operation is
added in all supported SMB versions in patch #7.

I've sucessfuly tested this (v1.0 and v3.0) against a Windows Server
2016 DFS setup and a Samba DFS setup.

Samba used to only accepts DFS referrals requests on an IPC connexion,
which is in violation of the spec. A patch was sent on samba-technical
and merged. It is not required anymore.

https://lists.samba.org/archive/samba-technical/2017-February/118859.html

Changes since v2:

* add use_ipc flag to SMB2_open()
* make smb2_get_dfs_refer() try IPC connections first
* use first_entry_or_null() instead of first_entry() on the tcon list
* protect tcon list access with spinlock
* add inc/dec of the tcon reference number, protected by spinlock

Aurelien Aptel (7):
  CIFS: move DFS response parsing out of SMB1 code
  CIFS: add build_path_from_dentry_optional_prefix()
  CIFS: add use_ipc flag to SMB2_ioctl()
  CIFS: let ses->ipc_tid hold smb2 TreeIds
  CIFS: set signing flag in SMB2+ TreeConnect if needed
  CIFS: use DFS pathnames in SMB2+ Create requests
  CIFS: implement get_dfs_refer for SMB2+

 fs/cifs/cifs_dfs_ref.c |   4 +-
 fs/cifs/cifsglob.h     |   2 +-
 fs/cifs/cifspdu.h      |  16 ++++---
 fs/cifs/cifsproto.h    |   7 +++
 fs/cifs/cifssmb.c      | 119 ++---------------------------------------------
 fs/cifs/dir.c          |  13 +++++-
 fs/cifs/misc.c         | 105 +++++++++++++++++++++++++++++++++++++++++
 fs/cifs/smb2file.c     |   3 +-
 fs/cifs/smb2ops.c      | 123 ++++++++++++++++++++++++++++++++++++++++++++++---
 fs/cifs/smb2pdu.c      | 114 +++++++++++++++++++++++++++++++++++++--------
 fs/cifs/smb2pdu.h      |   8 ++++
 fs/cifs/smb2proto.h    |   3 +-
 12 files changed, 365 insertions(+), 152 deletions(-)

-- 
2.10.2

             reply	other threads:[~2017-02-28 18:40 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-02-28 18:40 Aurelien Aptel [this message]
     [not found] ` <20170228184034.18771-1-aaptel-IBi9RG/b67k@public.gmane.org>
2017-02-28 18:40   ` [PATCH v3 1/7] CIFS: move DFS response parsing out of SMB1 code Aurelien Aptel
     [not found]     ` <20170228184034.18771-2-aaptel-IBi9RG/b67k@public.gmane.org>
2017-03-01  1:58       ` Pavel Shilovsky
2017-02-28 18:40   ` [PATCH v3 2/7] CIFS: add build_path_from_dentry_optional_prefix() Aurelien Aptel
     [not found]     ` <20170228184034.18771-3-aaptel-IBi9RG/b67k@public.gmane.org>
2017-03-01  2:35       ` Pavel Shilovsky
2017-02-28 18:40   ` [PATCH v3 3/7] CIFS: add use_ipc flag to SMB2_ioctl() Aurelien Aptel
     [not found]     ` <20170228184034.18771-4-aaptel-IBi9RG/b67k@public.gmane.org>
2017-03-01  2:36       ` Pavel Shilovsky
2017-02-28 18:40   ` [PATCH v3 4/7] CIFS: let ses->ipc_tid hold smb2 TreeIds Aurelien Aptel
     [not found]     ` <20170228184034.18771-5-aaptel-IBi9RG/b67k@public.gmane.org>
2017-03-01  2:36       ` Pavel Shilovsky
2017-02-28 18:40   ` [PATCH v3 5/7] CIFS: set signing flag in SMB2+ TreeConnect if needed Aurelien Aptel
     [not found]     ` <20170228184034.18771-6-aaptel-IBi9RG/b67k@public.gmane.org>
2017-03-01  2:37       ` Pavel Shilovsky
2017-02-28 18:40   ` [PATCH v3 6/7] CIFS: use DFS pathnames in SMB2+ Create requests Aurelien Aptel
     [not found]     ` <20170228184034.18771-7-aaptel-IBi9RG/b67k@public.gmane.org>
2017-03-01  2:40       ` Pavel Shilovsky
2017-02-28 18:40   ` [PATCH v3 7/7] CIFS: implement get_dfs_refer for SMB2+ Aurelien Aptel
     [not found]     ` <20170228184034.18771-8-aaptel-IBi9RG/b67k@public.gmane.org>
2017-03-01  2:42       ` Pavel Shilovsky
2017-06-22 23:03       ` Pavel Shilovsky
     [not found]         ` <CAKywueTx4b4+MDYeTm+jBsUZfmYe+Sa1HT9cUx-d4043hKxr+A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-06-22 23:05           ` Pavel Shilovsky
     [not found]             ` <CAKywueSy1Y1PNLHkRnDbxgc+Kf1qe_H65DPkWpX-=k=Enu-VUw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-06-23  9:19               ` Aurélien Aptel
2017-03-02  4:41   ` [PATCH v3 0/7] Add support for DFS in SMB2+ Steve French

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170228184034.18771-1-aaptel@suse.com \
    --to=aaptel-ibi9rg/b67k@public.gmane.org \
    --cc=linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.