[PATCH] CIFS: handle guest access errors to Windows shares

[PATCH] CIFS: handle guest access errors to Windows shares

[Mark Syms]

Commit 1a967d6c9b39c226be1b45f13acd4d8a5ab3dc44 ("correctly to
anonymous authentication for the NTLM(v2) authentication") introduces
a regression in handling errors related to attempting a guest
connection to a Windows share which requires authentication. This
should result in a permission denied error but actually causes the
kernel module to enter a never-ending loop trying to follow a DFS
referal which doesn't exist.

The base cause of this is the failure now occurs later in the process
during tree connect and not at the session setup setup and all errors
in tree connect are interpreted as needing to follow the DFS paths
which isn't in this case correct. So, check the returned error against
EACCES and fail if this is returned error.
---
 fs/cifs/connect.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 4547aed..a1737aa 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -3651,6 +3651,9 @@ cifs_mount(struct cifs_sb_info *cifs_sb, struct smb_vol *volume_info)
 	if (IS_ERR(tcon)) {
 		rc = PTR_ERR(tcon);
 		tcon = NULL;
+		if (rc == -EACCES) {
+			goto mount_fail_check;
+		}
 		goto remote_path_check;
 	}
 
-- 
2.10.2

Re: [PATCH] CIFS: handle guest access errors to Windows shares

[Aurélien Aptel]

I've tried setting up a guest share on a Windows 2016 server and
mounting it before and after your patch. Powershell setup follows.

To setup the share I had to enable the guest account

  PS> net user guest /active:yes

Make the directory, give perms, make share

  PS> mkdir C:\guestshare
  PS> icacls C:\guestshare /grant 'Everyone:(OI)(CI)F'
  PS> New-SmbShare -name guestshare -path C:\guestshare -fullaccess Everyone

After this, smbclient -N works:

  % smbclient //$(vmip win2016)/guestshare -N
  OS=[Windows Server 2016 Standard 14393] Server=[Windows Server 2016 Standard 6.3]
  smb: \> ^D

On the wire:

  CLIENT -> SERVER SMB Negotiate Protocol Request
  SERVER -> CLIENT SMB Negotiate Protocol Response
  CLIENT -> SERVER SMB Session Setup AndX Request, NTLMSSP_NEGOTIATE
  SERVER -> CLIENT SMB Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED
  CLIENT -> SERVER SMB Session Setup AndX Request, NTLMSSP_AUTH, User: WORKGROUP\aaptel
  SERVER -> CLIENT SMB Session Setup AndX Response
  |                    Action: 0x0001
  |                    .... .... .... ...1 = Guest: Logged in as GUEST
  CLIENT -> SERVER SMB Tree Connect AndX Request, Path: \\SERVER\IPC$
  SERVER -> CLIENT SMB Tree Connect AndX Response
  CLIENT -> SERVER SMB Trans2 Request, GET_DFS_REFERRAL, File: \SERVER\guestshare
  SERVER -> CLIENT SMB Trans2 Response, GET_DFS_REFERRAL, Error: STATUS_NOT_FOUND
  CLIENT -> SERVER SMB Tree Disconnect Request
  SERVER -> CLIENT SMB Tree Disconnect Response
  CLIENT -> SERVER SMB Tree Connect AndX Request, Path: \\SERVER\GUESTSHARE
  SERVER -> CLIENT SMB Tree Connect AndX Response
  CLIENT -> SERVER SMB Echo Request
  SERVER -> CLIENT SMB Echo Response
  CLIENT -> SERVER SMB Tree Disconnect Request
  SERVER -> CLIENT SMB Tree Disconnect Response

But from cifs.ko master (with or without your patch) I get this:

  # mount -t cifs -vvv //WS2016/guestshare /mnt -o ip=10.160.65.202,guest
  CIFS VFS: SMB signature verification returned error = -13
  CIFS VFS: SMB signature verification returned error = -13
  CIFS VFS: cifs_mount failed w/return code = -13
  mount error(13): Permission denied
  Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

On the wire:

  CLIENT -> SERVER SMB Negotiate Protocol Request
  SERVER -> CLIENT SMB Negotiate Protocol Response
  CLIENT -> SERVER SMB Session Setup AndX Request, NTLMSSP_NEGOTIATE
  SERVER -> CLIENT SMB Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED
  CLIENT -> SERVER SMB Session Setup AndX Request, NTLMSSP_AUTH, User: SUSE\
  SERVER -> CLIENT SMB Session Setup AndX Response
  |                    Action: 0x0000
  |                    .... .... .... ...0 = Guest: Not logged in as GUEST
  CLIENT -> SERVER SMB Tree Connect AndX Request, Path: \\WS2016\guestshare
  SERVER -> CLIENT SMB Tree Connect AndX Response, Error: STATUS_ACCESS_DENIED
  CLIENT -> SERVER SMB Logoff AndX Request
  SERVER -> CLIENT SMB Logoff AndX Response

So why is it failing in this case? The server is an AD of the domain
SUSE. I gave `guest` mount option but that option is actually ignored on
purpose.

Since I gave no username, domain or password cifs.ko tries to login with
"SUSE\". In the Session Setup response this results in the Action field
being set to "non-guest" and the tree connect laters fails.

smbclient uses "WORKGROUP\<my user name>" when I login with -N. If I use
-U 'SUSE\' like cifs.ko does it fails. Similarly, if I use a non-empty,
non-existing user in cifs.ko (e.g. "SUSE\xyz" instead of "SUSE\", it
works).

So to summarize I couldn't reproduce Mark's bug against Window Server
2016 (same behaviour with and without the patch). But I have discovered
that the way cifs.ko picks the username/domain when none are provided is
not correct in my scenario.

...

After re-reading Mark email I've just realized he said it happens when
using the guest account to do a tree connect on a share that *requires* a
real account. So with the guest account still activated I've added deny
rules:

  PS> icacls C:\guestshare /deny 'Guest:(OI)(CI)F'
  PS> Block-SmbShareAccess -name guestshare -accountname guest -force

But the tree connect still works with both cifs.ko and smbclient. What
is denies with thoses rules are anything past the connexion it
seems. cifs.ko fails for permissions reasons because it tries to query
things at the root level as part of mounting. In anycase I was not able
to make cifs.ko hang during any of my tests.

I would be curious to see a network trace of your scenario.

--
Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97  8C99 03C8 A49B 521B D5D3
SUSE Linux GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)

Re: [PATCH] CIFS: handle guest access errors to Windows shares

[Germano Percossi]

Hi Aurelien,

I am not sure about the username thing but the behaviour when
no domain is passed is wrong in my opinion and this is why
I submitted a patch few days ago.

Germano

On 11/29/2016 03:43 PM, Aurélien Aptel wrote:
> I've tried setting up a guest share on a Windows 2016 server and
> mounting it before and after your patch. Powershell setup follows.
> 
> To setup the share I had to enable the guest account
> 
>   PS> net user guest /active:yes
> 
> Make the directory, give perms, make share
> 
>   PS> mkdir C:\guestshare
>   PS> icacls C:\guestshare /grant 'Everyone:(OI)(CI)F'
>   PS> New-SmbShare -name guestshare -path C:\guestshare -fullaccess Everyone
> 
> After this, smbclient -N works:
> 
>   % smbclient //$(vmip win2016)/guestshare -N
>   OS=[Windows Server 2016 Standard 14393] Server=[Windows Server 2016 Standard 6.3]
>   smb: \> ^D
> 
> On the wire:
> 
>   CLIENT -> SERVER SMB Negotiate Protocol Request
>   SERVER -> CLIENT SMB Negotiate Protocol Response
>   CLIENT -> SERVER SMB Session Setup AndX Request, NTLMSSP_NEGOTIATE
>   SERVER -> CLIENT SMB Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED
>   CLIENT -> SERVER SMB Session Setup AndX Request, NTLMSSP_AUTH, User: WORKGROUP\aaptel
>   SERVER -> CLIENT SMB Session Setup AndX Response
>   |                    Action: 0x0001
>   |                    .... .... .... ...1 = Guest: Logged in as GUEST
>   CLIENT -> SERVER SMB Tree Connect AndX Request, Path: \\SERVER\IPC$
>   SERVER -> CLIENT SMB Tree Connect AndX Response
>   CLIENT -> SERVER SMB Trans2 Request, GET_DFS_REFERRAL, File: \SERVER\guestshare
>   SERVER -> CLIENT SMB Trans2 Response, GET_DFS_REFERRAL, Error: STATUS_NOT_FOUND
>   CLIENT -> SERVER SMB Tree Disconnect Request
>   SERVER -> CLIENT SMB Tree Disconnect Response
>   CLIENT -> SERVER SMB Tree Connect AndX Request, Path: \\SERVER\GUESTSHARE
>   SERVER -> CLIENT SMB Tree Connect AndX Response
>   CLIENT -> SERVER SMB Echo Request
>   SERVER -> CLIENT SMB Echo Response
>   CLIENT -> SERVER SMB Tree Disconnect Request
>   SERVER -> CLIENT SMB Tree Disconnect Response
> 
> But from cifs.ko master (with or without your patch) I get this:
> 
>   # mount -t cifs -vvv //WS2016/guestshare /mnt -o ip=10.160.65.202,guest
>   CIFS VFS: SMB signature verification returned error = -13
>   CIFS VFS: SMB signature verification returned error = -13
>   CIFS VFS: cifs_mount failed w/return code = -13
>   mount error(13): Permission denied
>   Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
> 
> On the wire:
> 
>   CLIENT -> SERVER SMB Negotiate Protocol Request
>   SERVER -> CLIENT SMB Negotiate Protocol Response
>   CLIENT -> SERVER SMB Session Setup AndX Request, NTLMSSP_NEGOTIATE
>   SERVER -> CLIENT SMB Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED
>   CLIENT -> SERVER SMB Session Setup AndX Request, NTLMSSP_AUTH, User: SUSE\
>   SERVER -> CLIENT SMB Session Setup AndX Response
>   |                    Action: 0x0000
>   |                    .... .... .... ...0 = Guest: Not logged in as GUEST
>   CLIENT -> SERVER SMB Tree Connect AndX Request, Path: \\WS2016\guestshare
>   SERVER -> CLIENT SMB Tree Connect AndX Response, Error: STATUS_ACCESS_DENIED
>   CLIENT -> SERVER SMB Logoff AndX Request
>   SERVER -> CLIENT SMB Logoff AndX Response
> 
> So why is it failing in this case? The server is an AD of the domain
> SUSE. I gave `guest` mount option but that option is actually ignored on
> purpose.
> 
> Since I gave no username, domain or password cifs.ko tries to login with
> "SUSE\". In the Session Setup response this results in the Action field
> being set to "non-guest" and the tree connect laters fails.
> 
> smbclient uses "WORKGROUP\<my user name>" when I login with -N. If I use
> -U 'SUSE\' like cifs.ko does it fails. Similarly, if I use a non-empty,
> non-existing user in cifs.ko (e.g. "SUSE\xyz" instead of "SUSE\", it
> works).
> 
> So to summarize I couldn't reproduce Mark's bug against Window Server
> 2016 (same behaviour with and without the patch). But I have discovered
> that the way cifs.ko picks the username/domain when none are provided is
> not correct in my scenario.
> 
> ...
> 
> After re-reading Mark email I've just realized he said it happens when
> using the guest account to do a tree connect on a share that *requires* a
> real account. So with the guest account still activated I've added deny
> rules:
> 
>   PS> icacls C:\guestshare /deny 'Guest:(OI)(CI)F'
>   PS> Block-SmbShareAccess -name guestshare -accountname guest -force
> 
> But the tree connect still works with both cifs.ko and smbclient. What
> is denies with thoses rules are anything past the connexion it
> seems. cifs.ko fails for permissions reasons because it tries to query
> things at the root level as part of mounting. In anycase I was not able
> to make cifs.ko hang during any of my tests.
> 
> I would be curious to see a network trace of your scenario.
> 
> --
> Aurélien Aptel / SUSE Labs Samba Team
> GPG: 1839 CB5F 9F5B FB9B AA97  8C99 03C8 A49B 521B D5D3
> SUSE Linux GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
> GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
> --
> To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
> the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 

RE: [PATCH] CIFS: handle guest access errors to Windows shares

[Mark Syms]

[-- Attachment #1: Type: text/plain, Size: 6459 bytes --]

Hopefully the attached will help clarify things. Two traces performing the same operation on a 3.10 kernel, as used by XenServer 7.0, and on the 4.4 kernel used by the current development version of XenServer.

Connection was being made to a Windows 8.1 machine with a share exposed to the Windows "Everyone" user - which requires authentication. Mount command being executed was

mount -t cifs //10.62.98.3/Share /tmp-smb/ -o guest

No other share configuration was performed, i.e. no guest or anonymous access.

On the 3.10 kernel this responds with permission denied as we'd expect. On the 4.4 kernel without the patch below the session establishment process enters a non-terminating loop chasing DFS referrals (as can be seen at the end of the 4.4 pcap trace, this repeats forever so I've trimmed the trace).

It's possible that the behaviour of Server class Windows will behave differently but mapping to shares to a client class OS is supported use case for us.

Thanks,

	Mark.

-----Original Message-----
From: linux-cifs-owner@vger.kernel.org [mailto:linux-cifs-owner@vger.kernel.org] On Behalf Of Aurélien Aptel
Sent: 29 November 2016 15:44
To: Mark Syms <Mark.Syms@citrix.com>; sfrench@samba.org; linux-cifs@vger.kernel.org
Cc: Mark Syms <Mark.Syms@citrix.com>
Subject: Re: [PATCH] CIFS: handle guest access errors to Windows shares

I've tried setting up a guest share on a Windows 2016 server and mounting it before and after your patch. Powershell setup follows.

To setup the share I had to enable the guest account

  PS> net user guest /active:yes

Make the directory, give perms, make share

  PS> mkdir C:\guestshare
  PS> icacls C:\guestshare /grant 'Everyone:(OI)(CI)F'
  PS> New-SmbShare -name guestshare -path C:\guestshare -fullaccess Everyone

After this, smbclient -N works:

  % smbclient //$(vmip win2016)/guestshare -N
  OS=[Windows Server 2016 Standard 14393] Server=[Windows Server 2016 Standard 6.3]
  smb: \> ^D

On the wire:

  CLIENT -> SERVER SMB Negotiate Protocol Request
  SERVER -> CLIENT SMB Negotiate Protocol Response
  CLIENT -> SERVER SMB Session Setup AndX Request, NTLMSSP_NEGOTIATE
  SERVER -> CLIENT SMB Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED
  CLIENT -> SERVER SMB Session Setup AndX Request, NTLMSSP_AUTH, User: WORKGROUP\aaptel
  SERVER -> CLIENT SMB Session Setup AndX Response
  |                    Action: 0x0001
  |                    .... .... .... ...1 = Guest: Logged in as GUEST
  CLIENT -> SERVER SMB Tree Connect AndX Request, Path: \\SERVER\IPC$
  SERVER -> CLIENT SMB Tree Connect AndX Response
  CLIENT -> SERVER SMB Trans2 Request, GET_DFS_REFERRAL, File: \SERVER\guestshare
  SERVER -> CLIENT SMB Trans2 Response, GET_DFS_REFERRAL, Error: STATUS_NOT_FOUND
  CLIENT -> SERVER SMB Tree Disconnect Request
  SERVER -> CLIENT SMB Tree Disconnect Response
  CLIENT -> SERVER SMB Tree Connect AndX Request, Path: \\SERVER\GUESTSHARE
  SERVER -> CLIENT SMB Tree Connect AndX Response
  CLIENT -> SERVER SMB Echo Request
  SERVER -> CLIENT SMB Echo Response
  CLIENT -> SERVER SMB Tree Disconnect Request
  SERVER -> CLIENT SMB Tree Disconnect Response

But from cifs.ko master (with or without your patch) I get this:

  # mount -t cifs -vvv //WS2016/guestshare /mnt -o ip=10.160.65.202,guest
  CIFS VFS: SMB signature verification returned error = -13
  CIFS VFS: SMB signature verification returned error = -13
  CIFS VFS: cifs_mount failed w/return code = -13
  mount error(13): Permission denied
  Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

On the wire:

  CLIENT -> SERVER SMB Negotiate Protocol Request
  SERVER -> CLIENT SMB Negotiate Protocol Response
  CLIENT -> SERVER SMB Session Setup AndX Request, NTLMSSP_NEGOTIATE
  SERVER -> CLIENT SMB Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED
  CLIENT -> SERVER SMB Session Setup AndX Request, NTLMSSP_AUTH, User: SUSE\
  SERVER -> CLIENT SMB Session Setup AndX Response
  |                    Action: 0x0000
  |                    .... .... .... ...0 = Guest: Not logged in as GUEST
  CLIENT -> SERVER SMB Tree Connect AndX Request, Path: \\WS2016\guestshare
  SERVER -> CLIENT SMB Tree Connect AndX Response, Error: STATUS_ACCESS_DENIED
  CLIENT -> SERVER SMB Logoff AndX Request
  SERVER -> CLIENT SMB Logoff AndX Response

So why is it failing in this case? The server is an AD of the domain SUSE. I gave `guest` mount option but that option is actually ignored on purpose.

Since I gave no username, domain or password cifs.ko tries to login with "SUSE\". In the Session Setup response this results in the Action field being set to "non-guest" and the tree connect laters fails.

smbclient uses "WORKGROUP\<my user name>" when I login with -N. If I use -U 'SUSE\' like cifs.ko does it fails. Similarly, if I use a non-empty, non-existing user in cifs.ko (e.g. "SUSE\xyz" instead of "SUSE\", it works).

So to summarize I couldn't reproduce Mark's bug against Window Server
2016 (same behaviour with and without the patch). But I have discovered that the way cifs.ko picks the username/domain when none are provided is not correct in my scenario.

...

After re-reading Mark email I've just realized he said it happens when using the guest account to do a tree connect on a share that *requires* a real account. So with the guest account still activated I've added deny
rules:

  PS> icacls C:\guestshare /deny 'Guest:(OI)(CI)F'
  PS> Block-SmbShareAccess -name guestshare -accountname guest -force

But the tree connect still works with both cifs.ko and smbclient. What is denies with thoses rules are anything past the connexion it seems. cifs.ko fails for permissions reasons because it tries to query things at the root level as part of mounting. In anycase I was not able to make cifs.ko hang during any of my tests.

I would be curious to see a network trace of your scenario.

--
Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97  8C99 03C8 A49B 521B D5D3 SUSE Linux GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to majordomo@vger.kernel.org More majordomo info at  http://vger.kernel.org/majordomo-info.html

[-- Attachment #2: smb-4.4-ssp.pcap --]
[-- Type: application/octet-stream, Size: 3304 bytes --]

[-- Attachment #3: smb-3.10-ssp.pcap --]
[-- Type: application/octet-stream, Size: 2734 bytes --]

RE: [PATCH] CIFS: handle guest access errors to Windows shares

[Aurélien Aptel]

[-- Attachment #1: Type: text/plain, Size: 1413 bytes --]

Hi Mark,

New setup

  PS> net user guest /activate:no
  PS> mkdir C:\guestshare
  PS> icacls C:\guestshare /grant 'Everyone:(OI)(CI)F'
  PS> new-smbshare -name guestshare -path C:\guestshare -fullaccess Everyone

I've tested v3.10, v4.4, master, master+your patch using default options
(empty or no user "NU") and user=abc (U).

NT_LOGON_FAILURE in session setup: LF
This is what you seem to have in 3.10.

NT_ACCESS_DENIED in tree connect to the share: AD
This is what you get before your infinite loop.

             |   NU       U
-------------------------------- 
3.10         |   LF       LF
4.4          |   LF       LF
master       |   AD       LF
master+patch |   AD       LF

No infinite DFS loop :(
All these issues result in mount failing very fast with permission denied.

I guess it could be from either the Windows version or the share/folder
ACL. A deeper analysis of the packets might reveal more.

In any case I did not notice any issues for on a basic DFS setup with
the patch so I don't think it introduced any regressions, which is
probably all that matters. It still bothers me a little I couldn't hit
the bug.

I've included kernel output w/ debugging output and network capture of
my tests if anyone want to have a look at it. (master+patch = ml-guestfix).

Reviewed-by: Aurelien Aptel <aaptel-IBi9RG/b67k@public.gmane.org>
Tested-by: Aurelien Aptel <aaptel-IBi9RG/b67k@public.gmane.org>


[-- Attachment #2: v3.10_nouser.out --]
[-- Type: text/plain, Size: 4000 bytes --]

!! BOOT SCRIPT !!
-------------------

++ echo 10.160.65.202 WS2016
++ modprobe e1000
++ modprobe cifs
++ mount -t debugfs none /sys/kernel/debug
++ echo 'create      cifs.spnego    * * /usr/sbin/cifs.upcall %k'
++ echo 'create      dns_resolver   * * /usr/sbin/cifs.upcall %k'
++ echo 'module cifs +p'
++ echo 'file fs/cifs/* +p'
++ echo 1
++ echo 8
++ echo 1
++ mkdir -p /mnt
++ echo 'echo 1 > /proc/sys/kernel/sysrq && echo o > /proc/sysrq-trigger'
++ chmod a+x /bin/sd
++ mount -t cifs -vvv //WS2016/guestshare /mnt -o ip=10.160.65.202,guest,rw
ip address 10.160.65.202 override specified
mount.cifs kernel mount options: ip=10.160.65.202,unc=\\WS2016\guestshare,user=,pass=********
fs/cifs/cifsfs.c: Devname: //WS2016/guestshare flags: 0
address conversion returned 1 for 10.160.65.202
fs/cifs/connect.c: Anonymous login
fs/cifs/connect.c: file mode: 0x1ed  dir mode: 0x1ed
fs/cifs/connect.c: CIFS VFS: in cifs_mount as Xid: 0 with uid: 0
fs/cifs/connect.c: UNC: \\WS2016\guestshare
fs/cifs/connect.c: Socket created
fs/cifs/connect.c: sndbuf 16384 rcvbuf 87380 rcvtimeo 0x6d6
fs/cifs/connect.c: CIFS VFS: in cifs_get_smb_ses as Xid: 1 with uid: 0
fs/cifs/connect.c: Existing smb sess not found
fs/cifs/cifssmb.c: secFlags 0x81
fs/cifs/cifssmb.c: NTLMSSP only mechanism, enable extended security
fs/cifs/transport.c: For smb_command 114
fs/cifs/transport.c: Sending smb: smb_len=69
fs/cifs/connect.c: Demultiplex PID: 148
fs/cifs/connect.c: RFC1002 header 0xcd
fs/cifs/misc.c: checkSMB Length: 0xd1, smb_buf_length: 0xcd
fs/cifs/transport.c: cifs_sync_mid_result: cmd=114 mid=1 state=4
fs/cifs/cifssmb.c: Dialect: 2
Max buf = 16644
fs/cifs/asn1.c: OID len = 10 oid = 0x1 0x3 0x6 0x1
fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0xbb92
fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0x1bb92
fs/cifs/asn1.c: OID len = 8 oid = 0x1 0x2 0x348 0x1bb92
fs/cifs/asn1.c: OID len = 10 oid = 0x1 0x3 0x6 0x1
fs/cifs/cifssmb.c: negprot rc 0
fs/cifs/connect.c: Security Mode: 0xf Capabilities: 0x8001f3fc TimeAdjust: 28800
fs/cifs/sess.c: sess setup type 3
fs/cifs/sess.c: ntlmssp session setup phase 1
fs/cifs/transport.c: For smb_command 115
fs/cifs/transport.c: Sending smb: smb_len=186
fs/cifs/connect.c: RFC1002 header 0x163
fs/cifs/misc.c: checkSMB Length: 0x167, smb_buf_length: 0x163
fs/cifs/transport.c: cifs_sync_mid_result: cmd=115 mid=2 state=4
fs/cifs/netmisc.c: Mapping smb error code 0xc0000016 to POSIX err -5
fs/cifs/misc.c: Null buffer passed to cifs_small_buf_release
fs/cifs/sess.c: UID = 8192
fs/cifs/sess.c: bleft 135
fs/cifs/sess.c: serverOS=Windows Server 2016 Standard 14393
fs/cifs/sess.c: serverNOS=Windows Server 2016 Standard 6.3
fs/cifs/sess.c: ssetup freeing small buf ffff880004548540
fs/cifs/sess.c: ntlmssp session setup phase 3
fs/cifs/transport.c: For smb_command 115
fs/cifs/transport.c: Sending smb: smb_len=402
fs/cifs/connect.c: RFC1002 header 0x23
fs/cifs/misc.c: checkSMB Length: 0x27, smb_buf_length: 0x23
fs/cifs/transport.c: cifs_sync_mid_result: cmd=115 mid=3 state=4
Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
fs/cifs/netmisc.c: Mapping smb error code 0xc000006d to POSIX err -13
fs/cifs/misc.c: Null buffer passed to cifs_small_buf_release
fs/cifs/sess.c: ssetup freeing small buf ffff8800045488c0
CIFS VFS: Send error in SessSetup = -13
fs/cifs/connect.c: CIFS VFS: leaving cifs_get_smb_ses (xid = 1) rc = -13
fs/cifs/connect.c: CIFS VFS: leaving cifs_mount (xid = 0) rc = -13
CIFS VFS: cifs_mount failed w/return code = -13
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
++ sleep 2
++ sd
SysRq : Power Off
++ set +x


Generating "/run/initramfs/rdsosreport.txt"
You might want to save "/run/initramfs/rdsosreport.txt" to a USB stick or /boot
after mounting them and attach it to a bug report.

To get more debug information in the report,
reboot with "rd.debug" added to the kernel command line.

Dropping to debug shell.

dracut:/# ACPI: Preparing to enter system sleep state S5
Power down.

[-- Attachment #3: v3.10_nouser.pcap --]
[-- Type: application/vnd.tcpdump.pcap, Size: 1988 bytes --]

[-- Attachment #4: v3.10_user.out --]
[-- Type: text/plain, Size: 4010 bytes --]

!! BOOT SCRIPT !!
-------------------

++ echo 10.160.65.202 WS2016
++ modprobe e1000
++ modprobe cifs
++ mount -t debugfs none /sys/kernel/debug
++ echo 'create      cifs.spnego    * * /usr/sbin/cifs.upcall %k'
++ echo 'create      dns_resolver   * * /usr/sbin/cifs.upcall %k'
++ echo 'module cifs +p'
++ echo 'file fs/cifs/* +p'
++ echo 1
++ echo 8
++ echo 1
++ mkdir -p /mnt
++ echo 'echo 1 > /proc/sys/kernel/sysrq && echo o > /proc/sysrq-trigger'
++ chmod a+x /bin/sd
++ mount -t cifs -vvv //WS2016/guestshare /mnt -o ip=10.160.65.202,guest,rw,user=abc
ip address 10.160.65.202 override specified
mount.cifs kernel mount options: ip=10.160.65.202,unc=\\WS2016\guestshare,user=abc,pass=********
fs/cifs/cifsfs.c: Devname: //WS2016/guestshare flags: 0
address conversion returned 1 for 10.160.65.202
fs/cifs/connect.c: Username: abc
fs/cifs/connect.c: file mode: 0x1ed  dir mode: 0x1ed
fs/cifs/connect.c: CIFS VFS: in cifs_mount as Xid: 0 with uid: 0
fs/cifs/connect.c: UNC: \\WS2016\guestshare
fs/cifs/connect.c: Socket created
fs/cifs/connect.c: sndbuf 16384 rcvbuf 87380 rcvtimeo 0x6d6
fs/cifs/connect.c: CIFS VFS: in cifs_get_smb_ses as Xid: 1 with uid: 0
fs/cifs/connect.c: Existing smb sess not found
fs/cifs/cifssmb.c: secFlags 0x81
fs/cifs/cifssmb.c: NTLMSSP only mechanism, enable extended security
fs/cifs/transport.c: For smb_command 114
fs/cifs/transport.c: Sending smb: smb_len=69
fs/cifs/connect.c: Demultiplex PID: 148
fs/cifs/connect.c: RFC1002 header 0xcd
fs/cifs/misc.c: checkSMB Length: 0xd1, smb_buf_length: 0xcd
fs/cifs/transport.c: cifs_sync_mid_result: cmd=114 mid=1 state=4
fs/cifs/cifssmb.c: Dialect: 2
Max buf = 16644
fs/cifs/asn1.c: OID len = 10 oid = 0x1 0x3 0x6 0x1
fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0xbb92
fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0x1bb92
fs/cifs/asn1.c: OID len = 8 oid = 0x1 0x2 0x348 0x1bb92
fs/cifs/asn1.c: OID len = 10 oid = 0x1 0x3 0x6 0x1
fs/cifs/cifssmb.c: negprot rc 0
fs/cifs/connect.c: Security Mode: 0xf Capabilities: 0x8001f3fc TimeAdjust: 28800
fs/cifs/sess.c: sess setup type 3
fs/cifs/sess.c: ntlmssp session setup phase 1
fs/cifs/transport.c: For smb_command 115
fs/cifs/transport.c: Sending smb: smb_len=186
fs/cifs/connect.c: RFC1002 header 0x163
fs/cifs/misc.c: checkSMB Length: 0x167, smb_buf_length: 0x163
fs/cifs/transport.c: cifs_sync_mid_result: cmd=115 mid=2 state=4
fs/cifs/netmisc.c: Mapping smb error code 0xc0000016 to POSIX err -5
fs/cifs/misc.c: Null buffer passed to cifs_small_buf_release
fs/cifs/sess.c: UID = 8192
fs/cifs/sess.c: bleft 135
fs/cifs/sess.c: serverOS=Windows Server 2016 Standard 14393
fs/cifs/sess.c: serverNOS=Windows Server 2016 Standard 6.3
fs/cifs/sess.c: ssetup freeing small buf ffff880004525540
fs/cifs/sess.c: ntlmssp session setup phase 3
fs/cifs/transport.c: For smb_command 115
fs/cifs/transport.c: Sending smb: smb_len=406
fs/cifs/connect.c: RFC1002 header 0x23
fs/cifs/misc.c: checkSMB Length: 0x27, smb_buf_length: 0x23
fs/cifs/transport.c: cifs_sync_mid_result: cmd=115 mid=3 state=4
Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
fs/cifs/netmisc.c: Mapping smb error code 0xc000006d to POSIX err -13
fs/cifs/misc.c: Null buffer passed to cifs_small_buf_release
fs/cifs/sess.c: ssetup freeing small buf ffff8800045258c0
CIFS VFS: Send error in SessSetup = -13
fs/cifs/connect.c: CIFS VFS: leaving cifs_get_smb_ses (xid = 1) rc = -13
fs/cifs/connect.c: CIFS VFS: leaving cifs_mount (xid = 0) rc = -13
CIFS VFS: cifs_mount failed w/return code = -13
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
++ sleep 2
++ sd
SysRq : Power Off
++ set +x


Generating "/run/initramfs/rdsosreport.txt"
You might want to save "/run/initramfs/rdsosreport.txt" to a USB stick or /boot
after mounting them and attach it to a bug report.

To get more debug information in the report,
reboot with "rd.debug" added to the kernel command line.

Dropping to debug shell.

dracut:/# ACPI: Preparing to enter system sleep state S5
Power down.

[-- Attachment #5: v3.10_user.pcap --]
[-- Type: application/vnd.tcpdump.pcap, Size: 1992 bytes --]

[-- Attachment #6: v4.4_nouser.out --]
[-- Type: text/plain, Size: 3783 bytes --]

!! BOOT SCRIPT !!
-------------------

++ echo 10.160.65.202 WS2016
++ modprobe e1000
++ modprobe cifs
++ mount -t debugfs none /sys/kernel/debug
++ echo 'create      cifs.spnego    * * /usr/sbin/cifs.upcall %k'
++ echo 'create      dns_resolver   * * /usr/sbin/cifs.upcall %k'
++ echo 'module cifs +p'
++ echo 'file fs/cifs/* +p'
++ echo 1
++ echo 8
++ echo 1
++ mkdir -p /mnt
++ echo 'echo 1 > /proc/sys/kernel/sysrq && echo o > /proc/sysrq-trigger'
++ chmod a+x /bin/sd
++ mount -t cifs -vvv //WS2016/guestshare /mnt -o ip=10.160.65.202,guest,rw
ip address 10.160.65.202 override specified
mount.cifs kernel mount options: ip=10.160.65.202,unc=\\WS2016\guestshare,user=,pass=********
fs/cifs/cifsfs.c: Devname: //WS2016/guestshare flags: 0
address conversion returned 1 for 10.160.65.202
fs/cifs/connect.c: Anonymous login
fs/cifs/connect.c: file mode: 0x1ed  dir mode: 0x1ed
fs/cifs/connect.c: CIFS VFS: in cifs_mount as Xid: 0 with uid: 0
fs/cifs/connect.c: UNC: \\WS2016\guestshare
fs/cifs/connect.c: Socket created
fs/cifs/connect.c: sndbuf 16384 rcvbuf 87380 rcvtimeo 0x6d6
fs/cifs/connect.c: CIFS VFS: in cifs_get_smb_ses as Xid: 1 with uid: 0
fs/cifs/connect.c: Existing smb sess not found
fs/cifs/cifssmb.c: Requesting extended security.
fs/cifs/transport.c: For smb_command 114
fs/cifs/transport.c: Sending smb: smb_len=69
fs/cifs/connect.c: Demultiplex PID: 153
fs/cifs/connect.c: RFC1002 header 0xcd
fs/cifs/misc.c: checkSMB Length: 0xd1, smb_buf_length: 0xcd
fs/cifs/transport.c: cifs_sync_mid_result: cmd=114 mid=1 state=4
fs/cifs/cifssmb.c: Dialect: 2
Max buf = 16644
fs/cifs/asn1.c: OID len = 10 oid = 0x1 0x3 0x6 0x1
fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0xbb92
fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0x1bb92
fs/cifs/asn1.c: OID len = 8 oid = 0x1 0x2 0x348 0x1bb92
fs/cifs/asn1.c: OID len = 10 oid = 0x1 0x3 0x6 0x1
fs/cifs/cifssmb.c: negprot rc 0
fs/cifs/connect.c: Security Mode: 0xf Capabilities: 0x8001f3fc TimeAdjust: 28800
fs/cifs/sess.c: sess setup type 4
fs/cifs/sess.c: rawntlmssp session setup negotiate phase
fs/cifs/transport.c: For smb_command 115
fs/cifs/transport.c: Sending smb: smb_len=184
fs/cifs/connect.c: RFC1002 header 0x163
fs/cifs/misc.c: checkSMB Length: 0x167, smb_buf_length: 0x163
fs/cifs/transport.c: cifs_sync_mid_result: cmd=115 mid=2 state=4
fs/cifs/netmisc.c: Mapping smb error code 0xc0000016 to POSIX err -5
fs/cifs/misc.c: Null buffer passed to cifs_small_buf_release
fs/cifs/sess.c: rawntlmssp session setup challenge phase
fs/cifs/sess.c: UID = 8192
fs/cifs/sess.c: rawntlmssp session setup authenticate phase
fs/cifs/transport.c: For smb_command 115
fs/cifs/transport.c: Sending smb: smb_len=400
fs/cifs/connect.c: RFC1002 header 0x23
fs/cifs/misc.c: checkSMB Length: 0x27, smb_buf_length: 0x23
fs/cifs/transport.c: cifs_sync_mid_result: cmd=115 mid=3 state=4
Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
fs/cifs/netmisc.c: Mapping smb error code 0xc000006d to POSIX err -13
fs/cifs/misc.c: Null buffer passed to cifs_small_buf_release
CIFS VFS: Send error in SessSetup = -13
fs/cifs/connect.c: CIFS VFS: leaving cifs_get_smb_ses (xid = 1) rc = -13
fs/cifs/connect.c: CIFS VFS: leaving cifs_mount (xid = 0) rc = -13
CIFS VFS: cifs_mount failed w/return code = -13
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
++ sleep 2
++ sd
sysrq: SysRq : Power Off
++ set +x


Generating "/run/initramfs/rdsosreport.txt"
You might want to save "/run/initramfs/rdsosreport.txt" to a USB stick or /boot
after mounting them and attach it to a bug report.

To get more debug information in the report,
reboot with "rd.debug" added to the kernel command line.

Dropping to debug shell.

dracut:/# ACPI: Preparing to enter system sleep state S5
reboot: Power down

[-- Attachment #7: v4.4_nouser.pcap --]
[-- Type: application/vnd.tcpdump.pcap, Size: 1988 bytes --]

[-- Attachment #8: v4.4_user.out --]
[-- Type: text/plain, Size: 3793 bytes --]

!! BOOT SCRIPT !!
-------------------

++ echo 10.160.65.202 WS2016
++ modprobe e1000
++ modprobe cifs
++ mount -t debugfs none /sys/kernel/debug
++ echo 'create      cifs.spnego    * * /usr/sbin/cifs.upcall %k'
++ echo 'create      dns_resolver   * * /usr/sbin/cifs.upcall %k'
++ echo 'module cifs +p'
++ echo 'file fs/cifs/* +p'
++ echo 1
++ echo 8
++ echo 1
++ mkdir -p /mnt
++ echo 'echo 1 > /proc/sys/kernel/sysrq && echo o > /proc/sysrq-trigger'
++ chmod a+x /bin/sd
++ mount -t cifs -vvv //WS2016/guestshare /mnt -o ip=10.160.65.202,guest,rw,user=abc
ip address 10.160.65.202 override specified
mount.cifs kernel mount options: ip=10.160.65.202,unc=\\WS2016\guestshare,user=abc,pass=********
fs/cifs/cifsfs.c: Devname: //WS2016/guestshare flags: 0
address conversion returned 1 for 10.160.65.202
fs/cifs/connect.c: Username: abc
fs/cifs/connect.c: file mode: 0x1ed  dir mode: 0x1ed
fs/cifs/connect.c: CIFS VFS: in cifs_mount as Xid: 0 with uid: 0
fs/cifs/connect.c: UNC: \\WS2016\guestshare
fs/cifs/connect.c: Socket created
fs/cifs/connect.c: sndbuf 16384 rcvbuf 87380 rcvtimeo 0x6d6
fs/cifs/connect.c: CIFS VFS: in cifs_get_smb_ses as Xid: 1 with uid: 0
fs/cifs/connect.c: Existing smb sess not found
fs/cifs/cifssmb.c: Requesting extended security.
fs/cifs/transport.c: For smb_command 114
fs/cifs/transport.c: Sending smb: smb_len=69
fs/cifs/connect.c: Demultiplex PID: 153
fs/cifs/connect.c: RFC1002 header 0xcd
fs/cifs/misc.c: checkSMB Length: 0xd1, smb_buf_length: 0xcd
fs/cifs/transport.c: cifs_sync_mid_result: cmd=114 mid=1 state=4
fs/cifs/cifssmb.c: Dialect: 2
Max buf = 16644
fs/cifs/asn1.c: OID len = 10 oid = 0x1 0x3 0x6 0x1
fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0xbb92
fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0x1bb92
fs/cifs/asn1.c: OID len = 8 oid = 0x1 0x2 0x348 0x1bb92
fs/cifs/asn1.c: OID len = 10 oid = 0x1 0x3 0x6 0x1
fs/cifs/cifssmb.c: negprot rc 0
fs/cifs/connect.c: Security Mode: 0xf Capabilities: 0x8001f3fc TimeAdjust: 28800
fs/cifs/sess.c: sess setup type 4
fs/cifs/sess.c: rawntlmssp session setup negotiate phase
fs/cifs/transport.c: For smb_command 115
fs/cifs/transport.c: Sending smb: smb_len=184
fs/cifs/connect.c: RFC1002 header 0x163
fs/cifs/misc.c: checkSMB Length: 0x167, smb_buf_length: 0x163
fs/cifs/transport.c: cifs_sync_mid_result: cmd=115 mid=2 state=4
fs/cifs/netmisc.c: Mapping smb error code 0xc0000016 to POSIX err -5
fs/cifs/misc.c: Null buffer passed to cifs_small_buf_release
fs/cifs/sess.c: rawntlmssp session setup challenge phase
fs/cifs/sess.c: UID = 8193
fs/cifs/sess.c: rawntlmssp session setup authenticate phase
fs/cifs/transport.c: For smb_command 115
fs/cifs/transport.c: Sending smb: smb_len=404
fs/cifs/connect.c: RFC1002 header 0x23
fs/cifs/misc.c: checkSMB Length: 0x27, smb_buf_length: 0x23
fs/cifs/transport.c: cifs_sync_mid_result: cmd=115 mid=3 state=4
Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
fs/cifs/netmisc.c: Mapping smb error code 0xc000006d to POSIX err -13
fs/cifs/misc.c: Null buffer passed to cifs_small_buf_release
CIFS VFS: Send error in SessSetup = -13
fs/cifs/connect.c: CIFS VFS: leaving cifs_get_smb_ses (xid = 1) rc = -13
fs/cifs/connect.c: CIFS VFS: leaving cifs_mount (xid = 0) rc = -13
CIFS VFS: cifs_mount failed w/return code = -13
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
++ sleep 2
++ sd
sysrq: SysRq : Power Off
++ set +x


Generating "/run/initramfs/rdsosreport.txt"
You might want to save "/run/initramfs/rdsosreport.txt" to a USB stick or /boot
after mounting them and attach it to a bug report.

To get more debug information in the report,
reboot with "rd.debug" added to the kernel command line.

Dropping to debug shell.

dracut:/# ACPI: Preparing to enter system sleep state S5
reboot: Power down

[-- Attachment #9: v4.4_user.pcap --]
[-- Type: application/vnd.tcpdump.pcap, Size: 1992 bytes --]

[-- Attachment #10: master_nouser.out --]
[-- Type: text/plain, Size: 5858 bytes --]

!! BOOT SCRIPT !!
-------------------

++ echo 10.160.65.202 WS2016
++ modprobe e1000
++ modprobe cifs
++ mount -t debugfs none /sys/kernel/debug
++ echo 'create      cifs.spnego    * * /usr/sbin/cifs.upcall %k'
++ echo 'create      dns_resolver   * * /usr/sbin/cifs.upcall %k'
++ echo 'module cifs +p'
++ echo 'file fs/cifs/* +p'
++ echo 1
++ echo 8
++ echo 1
++ mkdir -p /mnt
++ echo 'echo 1 > /proc/sys/kernel/sysrq && echo o > /proc/sysrq-trigger'random: fast init done

++ chmod a+x /bin/sd
++ mount -t cifs -vvv //WS2016/guestshare /mnt -o ip=10.160.65.202,guest,rw
ip address 10.160.65.202 override specified
mount.cifs kernel mount options: ip=10.160.65.202,unc=\\WS2016\guestshare,user=,pass=********
fs/cifs/cifsfs.c: Devname: //WS2016/guestshare flags: 0
address conversion returned 1 for 10.160.65.202
fs/cifs/connect.c: Anonymous login
fs/cifs/connect.c: file mode: 0x1ed  dir mode: 0x1ed
fs/cifs/connect.c: CIFS VFS: in cifs_mount as Xid: 0 with uid: 0
fs/cifs/connect.c: UNC: \\WS2016\guestshare
fs/cifs/connect.c: Socket created
fs/cifs/connect.c: sndbuf 16384 rcvbuf 87380 rcvtimeo 0x6d6
fs/cifs/connect.c: CIFS VFS: in cifs_get_smb_ses as Xid: 1 with uid: 0
fs/cifs/connect.c: Existing smb sess not found
fs/cifs/cifssmb.c: Requesting extended security.fs/cifs/transport.c: For smb_command 114
fs/cifs/transport.c: Sending smb: smb_len=69
fs/cifs/connect.c: Demultiplex PID: 153
fs/cifs/connect.c: RFC1002 header 0xcd
fs/cifs/misc.c: checkSMB Length: 0xd1, smb_buf_length: 0xcd
fs/cifs/transport.c: cifs_sync_mid_result: cmd=114 mid=1 state=4
fs/cifs/cifssmb.c: Dialect: 2
Max buf = 16644
fs/cifs/asn1.c: OID len = 10 oid = 0x1 0x3 0x6 0x1
fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0xbb92
fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0x1bb92
fs/cifs/asn1.c: OID len = 8 oid = 0x1 0x2 0x348 0x1bb92
fs/cifs/asn1.c: OID len = 10 oid = 0x1 0x3 0x6 0x1
fs/cifs/cifssmb.c: negprot rc 0
fs/cifs/connect.c: Security Mode: 0xf Capabilities: 0x8001f3fc TimeAdjust: 28800
fs/cifs/sess.c: sess setup type 4
fs/cifs/sess.c: rawntlmssp session setup negotiate phase
fs/cifs/transport.c: For smb_command 115
fs/cifs/transport.c: Sending smb: smb_len=194
fs/cifs/connect.c: RFC1002 header 0x163
fs/cifs/misc.c: checkSMB Length: 0x167, smb_buf_length: 0x163
fs/cifs/transport.c: cifs_sync_mid_result: cmd=115 mid=2 state=4
fs/cifs/netmisc.c: Mapping smb error code 0xc0000016 to POSIX err -5
fs/cifs/misc.c: Null buffer passed to cifs_small_buf_release
fs/cifs/sess.c: rawntlmssp session setup challenge phase
fs/cifs/sess.c: UID = 8192
fs/cifs/sess.c: rawntlmssp session setup authenticate phase
fs/cifs/transport.c: For smb_command 115
fs/cifs/transport.c: Sending smb: smb_len=254
fs/cifs/connect.c: RFC1002 header 0xb3
fs/cifs/misc.c: checkSMB Length: 0xb7, smb_buf_length: 0xb3
fs/cifs/transport.c: cifs_sync_mid_result: cmd=115 mid=3 state=4
fs/cifs/misc.c: Null buffer passed to cifs_small_buf_release
fs/cifs/sess.c: bleft 135
fs/cifs/sess.c: serverOS=Windows Server 2016 Standard 14393
fs/cifs/sess.c: serverNOS=Windows Server 2016 Standard 6.3
fs/cifs/sess.c: CIFS session established successfully
fs/cifs/connect.c: CIFS VFS: leaving cifs_get_smb_ses (xid = 1) rc = 0
fs/cifs/connect.c: CIFS VFS: in cifs_get_tcon as Xid: 2 with uid: 0
fs/cifs/transport.c: For smb_command 117
fs/cifs/transport.c: Sending smb: smb_len=90
fs/cifs/connect.c: RFC1002 header 0x23
fs/cifs/misc.c: checkSMB Length: 0x27, smb_buf_length: 0x23
fs/cifs/transport.c: cifs_sync_mid_result: cmd=117 mid=4 state=4
CIFS VFS: SMB signature verification returned error = -13
fs/cifs/netmisc.c: Mapping smb error code 0xc0000022 to POSIX err -13
fs/cifs/connect.c: CIFS VFS: leaving cifs_get_tcon (xid = 2) rc = -13
fs/cifs/connect.c: Tcon rc = -13
fs/cifs/connect.c: build_unc_path_to_root: full_path=\\WS2016\guestshare
fs/cifs/transport.c: For smb_command 117
fs/cifs/transport.c: Sending smb: smb_len=92
fs/cifs/connect.c: RFC1002 header 0x38
fs/cifs/misc.c: checkSMB Length: 0x3c, smb_buf_length: 0x38
fs/cifs/transport.c: cifs_sync_mid_result: cmd=117 mid=5 state=4
CIFS VFS: SMB signature verification returned error = -13
fs/cifs/connect.c: Tcon rc = 0 ipc_tid = 4100
fs/cifs/cifssmb.c: In GetDFSRefer the path \WS2016\guestshare
fs/cifs/transport.c: For smb_command 50
fs/cifs/transport.c: Sending smb: smb_len=108
fs/cifs/connect.c: RFC1002 header 0x23
fs/cifs/misc.c: checkSMB Length: 0x27, smb_buf_length: 0x23
fs/cifs/smb1ops.c: invalid transact2 word count
fs/cifs/transport.c: cifs_sync_mid_result: cmd=50 mid=6 state=4
CIFS VFS: SMB signature verification returned error = -13
fs/cifs/netmisc.c: Mapping smb error code 0xc0000225 to POSIX err -5
fs/cifs/cifssmb.c: Send error in GetDFSRefer = -5
fs/cifs/connect.c: cifs_put_smb_ses: ses_count=1
fs/cifs/connect.c: CIFS VFS: in cifs_put_smb_ses as Xid: 3 with uid: 0
fs/cifs/cifssmb.c: In SMBLogoff for session disconnect
fs/cifs/transport.c: For smb_command 116
fs/cifs/transport.c: Sending smb: smb_len=39
fs/cifs/connect.c: RFC1002 header 0x27
fs/cifs/misc.c: checkSMB Length: 0x2b, smb_buf_length: 0x27
fs/cifs/transport.c: cifs_sync_mid_result: cmd=116 mid=7 state=4
CIFS VFS: SMB signature verification returned error = -13
SendRcvNoRsp flags 64 rc 0
fs/cifs/connect.c: CIFS VFS: leaving cifs_mount (xid = 0) rc = -13
CIFS VFS: cifs_mount failed w/return code = -13
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
++ sleep 2
++ sd
sysrq: SysRq : Power Off
++ set +x


Generating "/run/initramfs/rdsosreport.txt"
You might want to save "/run/initramfs/rdsosreport.txt" to a USB stick or /boot
after mounting them and attach it to a bug report.

To get more debug information in the report,
reboot with "rd.debug" added to the kernel command line.

Dropping to debug shell.

dracut:/# ACPI: Preparing to enter system sleep state S5
reboot: Power down

[-- Attachment #11: master_nouser.pcap --]
[-- Type: application/vnd.tcpdump.pcap, Size: 3320 bytes --]

[-- Attachment #12: master_user.out --]
[-- Type: text/plain, Size: 3815 bytes --]

!! BOOT SCRIPT !!
-------------------

++ echo 10.160.65.202 WS2016
++ modprobe e1000
++ modprobe cifs
++ mount -t debugfs none /sys/kernel/debug
++ echo 'create      cifs.spnego    * * /usr/sbin/cifs.upcall %k'
++ echo 'create      dns_resolver   * * /usr/sbin/cifs.upcall %k'
++ echo 'module cifs +p'
++ echo 'file fs/cifs/* +p'
++ echo 1
++ echo 8
++ echo 1
++ mkdir -p /mnt
++ echo 'echo 1 > /proc/sys/kernel/sysrq && echo o > /proc/sysrq-trigger'
++ chmod a+x /bin/sd
++ mount -t cifs -vvv //WS2016/guestshare /mnt -o ip=10.160.65.202,guest,rw,user=abc
random: fast init done
ip address 10.160.65.202 override specified
mount.cifs kernel mount options: ip=10.160.65.202,unc=\\WS2016\guestshare,user=abc,pass=********
fs/cifs/cifsfs.c: Devname: //WS2016/guestshare flags: 0
address conversion returned 1 for 10.160.65.202
fs/cifs/connect.c: Username: abc
fs/cifs/connect.c: file mode: 0x1ed  dir mode: 0x1ed
fs/cifs/connect.c: CIFS VFS: in cifs_mount as Xid: 0 with uid: 0
fs/cifs/connect.c: UNC: \\WS2016\guestshare
fs/cifs/connect.c: Socket created
fs/cifs/connect.c: sndbuf 16384 rcvbuf 87380 rcvtimeo 0x6d6
fs/cifs/connect.c: CIFS VFS: in cifs_get_smb_ses as Xid: 1 with uid: 0
fs/cifs/connect.c: Existing smb sess not found
fs/cifs/cifssmb.c: Requesting extended security.fs/cifs/transport.c: For smb_command 114
fs/cifs/transport.c: Sending smb: smb_len=69
fs/cifs/connect.c: Demultiplex PID: 153
fs/cifs/connect.c: RFC1002 header 0xcd
fs/cifs/misc.c: checkSMB Length: 0xd1, smb_buf_length: 0xcd
fs/cifs/transport.c: cifs_sync_mid_result: cmd=114 mid=1 state=4
fs/cifs/cifssmb.c: Dialect: 2
Max buf = 16644
fs/cifs/asn1.c: OID len = 10 oid = 0x1 0x3 0x6 0x1
fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0xbb92
fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0x1bb92
fs/cifs/asn1.c: OID len = 8 oid = 0x1 0x2 0x348 0x1bb92
fs/cifs/asn1.c: OID len = 10 oid = 0x1 0x3 0x6 0x1
fs/cifs/cifssmb.c: negprot rc 0
fs/cifs/connect.c: Security Mode: 0xf Capabilities: 0x8001f3fc TimeAdjust: 28800
fs/cifs/sess.c: sess setup type 4
fs/cifs/sess.c: rawntlmssp session setup negotiate phase
fs/cifs/transport.c: For smb_command 115
fs/cifs/transport.c: Sending smb: smb_len=194
fs/cifs/connect.c: RFC1002 header 0x163
fs/cifs/misc.c: checkSMB Length: 0x167, smb_buf_length: 0x163
fs/cifs/transport.c: cifs_sync_mid_result: cmd=115 mid=2 state=4
fs/cifs/netmisc.c: Mapping smb error code 0xc0000016 to POSIX err -5
fs/cifs/misc.c: Null buffer passed to cifs_small_buf_release
fs/cifs/sess.c: rawntlmssp session setup challenge phase
fs/cifs/sess.c: UID = 8192
fs/cifs/sess.c: rawntlmssp session setup authenticate phase
fs/cifs/transport.c: For smb_command 115
fs/cifs/transport.c: Sending smb: smb_len=414
fs/cifs/connect.c: RFC1002 header 0x23
fs/cifs/misc.c: checkSMB Length: 0x27, smb_buf_length: 0x23
fs/cifs/transport.c: cifs_sync_mid_result: cmd=115 mid=3 state=4
Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
fs/cifs/netmisc.c: Mapping smb error code 0xc000006d to POSIX err -13
fs/cifs/misc.c: Null buffer passed to cifs_small_buf_release
CIFS VFS: Send error in SessSetup = -13
fs/cifs/connect.c: CIFS VFS: leaving cifs_get_smb_ses (xid = 1) rc = -13
fs/cifs/connect.c: CIFS VFS: leaving cifs_mount (xid = 0) rc = -13
CIFS VFS: cifs_mount failed w/return code = -13
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
++ sleep 2
++ sd
sysrq: SysRq : Power Off
++ set +x


Generating "/run/initramfs/rdsosreport.txt"
You might want to save "/run/initramfs/rdsosreport.txt" to a USB stick or /boot
after mounting them and attach it to a bug report.

To get more debug information in the report,
reboot with "rd.debug" added to the kernel command line.

Dropping to debug shell.

dracut:/# ACPI: Preparing to enter system sleep state S5
reboot: Power down

[-- Attachment #13: master_user.pcap --]
[-- Type: application/vnd.tcpdump.pcap, Size: 2008 bytes --]

[-- Attachment #14: ml-guestfix_nouser.out --]
[-- Type: text/plain, Size: 4895 bytes --]

!! BOOT SCRIPT !!
-------------------

++ echo 10.160.65.202 WS2016
++ modprobe e1000
++ modprobe cifs
++ mount -t debugfs none /sys/kernel/debug
++ echo 'create      cifs.spnego    * * /usr/sbin/cifs.upcall %k'
++ echo 'create      dns_resolver   * * /usr/sbin/cifs.upcall %k'
++ echo 'module cifs +p'
++ echo 'file fs/cifs/* +p'
++ echo 1
++ echo 8
++ echo 1
++ mkdir -p /mnt
++ echo 'echo 1 > /proc/sys/kernel/sysrq && echo o > /proc/sysrq-trigger'
++ chmod a+x /bin/sd
++ mount -t cifs -vvv //WS2016/guestshare /mnt -o ip=10.160.65.202,guest,rw
ip address 10.160.65.202 override specified
random: fast init done
mount.cifs kernel mount options: ip=10.160.65.202,unc=\\WS2016\guestshare,user=,pass=********
fs/cifs/cifsfs.c: Devname: //WS2016/guestshare flags: 0
address conversion returned 1 for 10.160.65.202
fs/cifs/connect.c: Anonymous login
fs/cifs/connect.c: file mode: 0x1ed  dir mode: 0x1ed
fs/cifs/connect.c: CIFS VFS: in cifs_mount as Xid: 0 with uid: 0
fs/cifs/connect.c: UNC: \\WS2016\guestshare
fs/cifs/connect.c: Socket created
fs/cifs/connect.c: sndbuf 16384 rcvbuf 87380 rcvtimeo 0x6d6
fs/cifs/connect.c: CIFS VFS: in cifs_get_smb_ses as Xid: 1 with uid: 0
fs/cifs/connect.c: Existing smb sess not found
fs/cifs/cifssmb.c: Requesting extended security.fs/cifs/transport.c: For smb_command 114
fs/cifs/transport.c: Sending smb: smb_len=69
fs/cifs/connect.c: Demultiplex PID: 153
fs/cifs/connect.c: RFC1002 header 0xcd
fs/cifs/misc.c: checkSMB Length: 0xd1, smb_buf_length: 0xcd
fs/cifs/transport.c: cifs_sync_mid_result: cmd=114 mid=1 state=4
fs/cifs/cifssmb.c: Dialect: 2
Max buf = 16644
fs/cifs/asn1.c: OID len = 10 oid = 0x1 0x3 0x6 0x1
fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0xbb92
fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0x1bb92
fs/cifs/asn1.c: OID len = 8 oid = 0x1 0x2 0x348 0x1bb92
fs/cifs/asn1.c: OID len = 10 oid = 0x1 0x3 0x6 0x1
fs/cifs/cifssmb.c: negprot rc 0
fs/cifs/connect.c: Security Mode: 0xf Capabilities: 0x8001f3fc TimeAdjust: 28800
fs/cifs/sess.c: sess setup type 4
fs/cifs/sess.c: rawntlmssp session setup negotiate phase
fs/cifs/transport.c: For smb_command 115
fs/cifs/transport.c: Sending smb: smb_len=194
fs/cifs/connect.c: RFC1002 header 0x163
fs/cifs/misc.c: checkSMB Length: 0x167, smb_buf_length: 0x163
fs/cifs/transport.c: cifs_sync_mid_result: cmd=115 mid=2 state=4
fs/cifs/netmisc.c: Mapping smb error code 0xc0000016 to POSIX err -5
fs/cifs/misc.c: Null buffer passed to cifs_small_buf_release
fs/cifs/sess.c: rawntlmssp session setup challenge phase
fs/cifs/sess.c: UID = 8192
fs/cifs/sess.c: rawntlmssp session setup authenticate phase
fs/cifs/transport.c: For smb_command 115
fs/cifs/transport.c: Sending smb: smb_len=254
fs/cifs/connect.c: RFC1002 header 0xb3
fs/cifs/misc.c: checkSMB Length: 0xb7, smb_buf_length: 0xb3
fs/cifs/transport.c: cifs_sync_mid_result: cmd=115 mid=3 state=4
fs/cifs/misc.c: Null buffer passed to cifs_small_buf_release
fs/cifs/sess.c: bleft 135
fs/cifs/sess.c: serverOS=Windows Server 2016 Standard 14393
fs/cifs/sess.c: serverNOS=Windows Server 2016 Standard 6.3
fs/cifs/sess.c: CIFS session established successfully
fs/cifs/connect.c: CIFS VFS: leaving cifs_get_smb_ses (xid = 1) rc = 0
fs/cifs/connect.c: CIFS VFS: in cifs_get_tcon as Xid: 2 with uid: 0
fs/cifs/transport.c: For smb_command 117
fs/cifs/transport.c: Sending smb: smb_len=90
fs/cifs/connect.c: RFC1002 header 0x23
fs/cifs/misc.c: checkSMB Length: 0x27, smb_buf_length: 0x23
fs/cifs/transport.c: cifs_sync_mid_result: cmd=117 mid=4 state=4
CIFS VFS: SMB signature verification returned error = -13
fs/cifs/netmisc.c: Mapping smb error code 0xc0000022 to POSIX err -13
fs/cifs/connect.c: CIFS VFS: leaving cifs_get_tcon (xid = 2) rc = -13
fs/cifs/connect.c: Tcon rc = -13
fs/cifs/connect.c: cifs_put_smb_ses: ses_count=1
fs/cifs/connect.c: CIFS VFS: in cifs_put_smb_ses as Xid: 3 with uid: 0
fs/cifs/cifssmb.c: In SMBLogoff for session disconnect
fs/cifs/transport.c: For smb_command 116
fs/cifs/transport.c: Sending smb: smb_len=39
fs/cifs/connect.c: RFC1002 header 0x27
fs/cifs/misc.c: checkSMB Length: 0x2b, smb_buf_length: 0x27
fs/cifs/transport.c: cifs_sync_mid_result: cmd=116 mid=5 state=4
CIFS VFS: SMB signature verification returned error = -13
SendRcvNoRsp flags 64 rc 0
fs/cifs/connect.c: CIFS VFS: leaving cifs_mount (xid = 0) rc = -13
CIFS VFS: cifs_mount failed w/return code = -13
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
++ sleep 2
++ sd
sysrq: SysRq : Power Off
++ set +x


Generating "/run/initramfs/rdsosreport.txt"
You might want to save "/run/initramfs/rdsosreport.txt" to a USB stick or /boot
after mounting them and attach it to a bug report.

To get more debug information in the report,
reboot with "rd.debug" added to the kernel command line.

Dropping to debug shell.

dracut:/# ACPI: Preparing to enter system sleep state S5
reboot: Power down

[-- Attachment #15: ml-guestfix_nouser.pcap --]
[-- Type: application/vnd.tcpdump.pcap, Size: 2612 bytes --]

[-- Attachment #16: ml-guestfix_user.out --]
[-- Type: text/plain, Size: 3815 bytes --]

!! BOOT SCRIPT !!
-------------------

++ echo 10.160.65.202 WS2016
++ modprobe e1000
++ modprobe cifs
++ mount -t debugfs none /sys/kernel/debug
++ echo 'create      cifs.spnego    * * /usr/sbin/cifs.upcall %k'
++ echo 'create      dns_resolver   * * /usr/sbin/cifs.upcall %k'
++ echo 'module cifs +p'
++ echo 'file fs/cifs/* +p'
++ echo 1
++ echo 8
++ echo 1
++ mkdir -p /mnt
++ echo 'echo 1 > /proc/sys/kernel/sysrq && echo o > /proc/sysrq-trigger'
random: fast init done
++ chmod a+x /bin/sd
++ mount -t cifs -vvv //WS2016/guestshare /mnt -o ip=10.160.65.202,guest,rw,user=abc
ip address 10.160.65.202 override specified
mount.cifs kernel mount options: ip=10.160.65.202,unc=\\WS2016\guestshare,user=abc,pass=********
fs/cifs/cifsfs.c: Devname: //WS2016/guestshare flags: 0
address conversion returned 1 for 10.160.65.202
fs/cifs/connect.c: Username: abc
fs/cifs/connect.c: file mode: 0x1ed  dir mode: 0x1ed
fs/cifs/connect.c: CIFS VFS: in cifs_mount as Xid: 0 with uid: 0
fs/cifs/connect.c: UNC: \\WS2016\guestshare
fs/cifs/connect.c: Socket created
fs/cifs/connect.c: sndbuf 16384 rcvbuf 87380 rcvtimeo 0x6d6
fs/cifs/connect.c: CIFS VFS: in cifs_get_smb_ses as Xid: 1 with uid: 0
fs/cifs/connect.c: Existing smb sess not found
fs/cifs/cifssmb.c: Requesting extended security.fs/cifs/transport.c: For smb_command 114
fs/cifs/transport.c: Sending smb: smb_len=69
fs/cifs/connect.c: Demultiplex PID: 153
fs/cifs/connect.c: RFC1002 header 0xcd
fs/cifs/misc.c: checkSMB Length: 0xd1, smb_buf_length: 0xcd
fs/cifs/transport.c: cifs_sync_mid_result: cmd=114 mid=1 state=4
fs/cifs/cifssmb.c: Dialect: 2
Max buf = 16644
fs/cifs/asn1.c: OID len = 10 oid = 0x1 0x3 0x6 0x1
fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0xbb92
fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0x1bb92
fs/cifs/asn1.c: OID len = 8 oid = 0x1 0x2 0x348 0x1bb92
fs/cifs/asn1.c: OID len = 10 oid = 0x1 0x3 0x6 0x1
fs/cifs/cifssmb.c: negprot rc 0
fs/cifs/connect.c: Security Mode: 0xf Capabilities: 0x8001f3fc TimeAdjust: 28800
fs/cifs/sess.c: sess setup type 4
fs/cifs/sess.c: rawntlmssp session setup negotiate phase
fs/cifs/transport.c: For smb_command 115
fs/cifs/transport.c: Sending smb: smb_len=194
fs/cifs/connect.c: RFC1002 header 0x163
fs/cifs/misc.c: checkSMB Length: 0x167, smb_buf_length: 0x163
fs/cifs/transport.c: cifs_sync_mid_result: cmd=115 mid=2 state=4
fs/cifs/netmisc.c: Mapping smb error code 0xc0000016 to POSIX err -5
fs/cifs/misc.c: Null buffer passed to cifs_small_buf_release
fs/cifs/sess.c: rawntlmssp session setup challenge phase
fs/cifs/sess.c: UID = 8192
fs/cifs/sess.c: rawntlmssp session setup authenticate phase
fs/cifs/transport.c: For smb_command 115
fs/cifs/transport.c: Sending smb: smb_len=414
fs/cifs/connect.c: RFC1002 header 0x23
fs/cifs/misc.c: checkSMB Length: 0x27, smb_buf_length: 0x23
fs/cifs/transport.c: cifs_sync_mid_result: cmd=115 mid=3 state=4
Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
fs/cifs/netmisc.c: Mapping smb error code 0xc000006d to POSIX err -13
fs/cifs/misc.c: Null buffer passed to cifs_small_buf_release
CIFS VFS: Send error in SessSetup = -13
fs/cifs/connect.c: CIFS VFS: leaving cifs_get_smb_ses (xid = 1) rc = -13
fs/cifs/connect.c: CIFS VFS: leaving cifs_mount (xid = 0) rc = -13
CIFS VFS: cifs_mount failed w/return code = -13
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
++ sleep 2
++ sd
sysrq: SysRq : Power Off
++ set +x


Generating "/run/initramfs/rdsosreport.txt"
You might want to save "/run/initramfs/rdsosreport.txt" to a USB stick or /boot
after mounting them and attach it to a bug report.

To get more debug information in the report,
reboot with "rd.debug" added to the kernel command line.

Dropping to debug shell.

dracut:/# ACPI: Preparing to enter system sleep state S5
reboot: Power down

[-- Attachment #17: ml-guestfix_user.pcap --]
[-- Type: application/vnd.tcpdump.pcap, Size: 2008 bytes --]

[-- Attachment #18: Type: text/plain, Size: 245 bytes --]


-- 
Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97  8C99 03C8 A49B 521B D5D3
SUSE Linux GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)

RE: [PATCH] CIFS: handle guest access errors to Windows shares

[Mark Syms]

Hi,

I've just tried a plain vanilla Debian testing machine with the vendor 4.8.0 kernel and the issue reproduces.

Now, interestingly, if I issue the same mount command to a WS2016 machine configured in the same way as a Win8.1 machine it fails with permission denied as we'd expect and doesn't go into the DFS chase process. So, this appears to be something that is specific to connecting SMB to client grade OS machines.

	Mark

-----Original Message-----
From: linux-cifs-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org [mailto:linux-cifs-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org] On Behalf Of Aurélien Aptel
Sent: 30 November 2016 17:32
To: Mark Syms <Mark.Syms-Sxgqhf6Nn4DQT0dZR+AlfA@public.gmane.org>; sfrench-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org; linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: RE: [PATCH] CIFS: handle guest access errors to Windows shares

Hi Mark,

New setup

  PS> net user guest /activate:no
  PS> mkdir C:\guestshare
  PS> icacls C:\guestshare /grant 'Everyone:(OI)(CI)F'
  PS> new-smbshare -name guestshare -path C:\guestshare -fullaccess Everyone

I've tested v3.10, v4.4, master, master+your patch using default options (empty or no user "NU") and user=abc (U).

NT_LOGON_FAILURE in session setup: LF
This is what you seem to have in 3.10.

NT_ACCESS_DENIED in tree connect to the share: AD This is what you get before your infinite loop.

             |   NU       U
-------------------------------- 
3.10         |   LF       LF
4.4          |   LF       LF
master       |   AD       LF
master+patch |   AD       LF

No infinite DFS loop :(
All these issues result in mount failing very fast with permission denied.

I guess it could be from either the Windows version or the share/folder ACL. A deeper analysis of the packets might reveal more.

In any case I did not notice any issues for on a basic DFS setup with the patch so I don't think it introduced any regressions, which is probably all that matters. It still bothers me a little I couldn't hit the bug.

I've included kernel output w/ debugging output and network capture of my tests if anyone want to have a look at it. (master+patch = ml-guestfix).

Reviewed-by: Aurelien Aptel <aaptel-IBi9RG/b67k@public.gmane.org>
Tested-by: Aurelien Aptel <aaptel-IBi9RG/b67k@public.gmane.org>

Re: [PATCH] CIFS: handle guest access errors to Windows shares

[Steve French]

Note that we have seen negotiate differences - spnego encapsulated
ntlmssp vs. raw ntlmssp - between standalone servers (and Windows
clients acting as a server) and Windows servers acting as an AD DC.

Also note that comparing the same os in the client vs server
comparison (Windows 10 vs Windows 2016) could help determine if server
vs. client difference or version difference.

On Fri, Dec 2, 2016 at 10:25 AM, Mark Syms <Mark.Syms-Sxgqhf6Nn4DQT0dZR+AlfA@public.gmane.org> wrote:
> Hi,
>
> I've just tried a plain vanilla Debian testing machine with the vendor 4.8.0 kernel and the issue reproduces.
>
> Now, interestingly, if I issue the same mount command to a WS2016 machine configured in the same way as a Win8.1 machine it fails with permission denied as we'd expect and doesn't go into the DFS chase process. So, this appears to be something that is specific to connecting SMB to client grade OS machines.
>
>         Mark
>
> -----Original Message-----
> From: linux-cifs-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org [mailto:linux-cifs-owner-u79uwXL29Tb/PtFMR13I2A@public.gmane.orgel.org] On Behalf Of Aurélien Aptel
> Sent: 30 November 2016 17:32
> To: Mark Syms <Mark.Syms-Sxgqhf6Nn4DQT0dZR+AlfA@public.gmane.org>; sfrench-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org; linux-cifs@vger.kernel.org
> Subject: RE: [PATCH] CIFS: handle guest access errors to Windows shares
>
> Hi Mark,
>
> New setup
>
>   PS> net user guest /activate:no
>   PS> mkdir C:\guestshare
>   PS> icacls C:\guestshare /grant 'Everyone:(OI)(CI)F'
>   PS> new-smbshare -name guestshare -path C:\guestshare -fullaccess Everyone
>
> I've tested v3.10, v4.4, master, master+your patch using default options (empty or no user "NU") and user=abc (U).
>
> NT_LOGON_FAILURE in session setup: LF
> This is what you seem to have in 3.10.
>
> NT_ACCESS_DENIED in tree connect to the share: AD This is what you get before your infinite loop.
>
>              |   NU       U
> --------------------------------
> 3.10         |   LF       LF
> 4.4          |   LF       LF
> master       |   AD       LF
> master+patch |   AD       LF
>
> No infinite DFS loop :(
> All these issues result in mount failing very fast with permission denied.
>
> I guess it could be from either the Windows version or the share/folder ACL. A deeper analysis of the packets might reveal more.
>
> In any case I did not notice any issues for on a basic DFS setup with the patch so I don't think it introduced any regressions, which is probably all that matters. It still bothers me a little I couldn't hit the bug.
>
> I've included kernel output w/ debugging output and network capture of my tests if anyone want to have a look at it. (master+patch = ml-guestfix).
>
> Reviewed-by: Aurelien Aptel <aaptel-IBi9RG/b67k@public.gmane.org>
> Tested-by: Aurelien Aptel <aaptel-IBi9RG/b67k@public.gmane.org>
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
> the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html



-- 
Thanks,

Steve

RE: [PATCH] CIFS: handle guest access errors to Windows shares

[Mark Syms]

OK, I'll spin up a Win 10 machine and see how that behaves and then a WS2012R2.

	Mark.

-----Original Message-----
From: Steve French [mailto:smfrench@gmail.com] 
Sent: 02 December 2016 16:42
To: Mark Syms <Mark.Syms@citrix.com>
Cc: Aurélien Aptel <aaptel@suse.com>; sfrench@samba.org; linux-cifs@vger.kernel.org
Subject: Re: [PATCH] CIFS: handle guest access errors to Windows shares

Note that we have seen negotiate differences - spnego encapsulated ntlmssp vs. raw ntlmssp - between standalone servers (and Windows clients acting as a server) and Windows servers acting as an AD DC.

Also note that comparing the same os in the client vs server comparison (Windows 10 vs Windows 2016) could help determine if server vs. client difference or version difference.

On Fri, Dec 2, 2016 at 10:25 AM, Mark Syms <Mark.Syms@citrix.com> wrote:
> Hi,
>
> I've just tried a plain vanilla Debian testing machine with the vendor 4.8.0 kernel and the issue reproduces.
>
> Now, interestingly, if I issue the same mount command to a WS2016 machine configured in the same way as a Win8.1 machine it fails with permission denied as we'd expect and doesn't go into the DFS chase process. So, this appears to be something that is specific to connecting SMB to client grade OS machines.
>
>         Mark
>
> -----Original Message-----
> From: linux-cifs-owner@vger.kernel.org 
> [mailto:linux-cifs-owner@vger.kernel.org] On Behalf Of Aurélien Aptel
> Sent: 30 November 2016 17:32
> To: Mark Syms <Mark.Syms@citrix.com>; sfrench@samba.org; 
> linux-cifs@vger.kernel.org
> Subject: RE: [PATCH] CIFS: handle guest access errors to Windows 
> shares
>
> Hi Mark,
>
> New setup
>
>   PS> net user guest /activate:no
>   PS> mkdir C:\guestshare
>   PS> icacls C:\guestshare /grant 'Everyone:(OI)(CI)F'
>   PS> new-smbshare -name guestshare -path C:\guestshare -fullaccess 
> Everyone
>
> I've tested v3.10, v4.4, master, master+your patch using default options (empty or no user "NU") and user=abc (U).
>
> NT_LOGON_FAILURE in session setup: LF
> This is what you seem to have in 3.10.
>
> NT_ACCESS_DENIED in tree connect to the share: AD This is what you get before your infinite loop.
>
>              |   NU       U
> --------------------------------
> 3.10         |   LF       LF
> 4.4          |   LF       LF
> master       |   AD       LF
> master+patch |   AD       LF
>
> No infinite DFS loop :(
> All these issues result in mount failing very fast with permission denied.
>
> I guess it could be from either the Windows version or the share/folder ACL. A deeper analysis of the packets might reveal more.
>
> In any case I did not notice any issues for on a basic DFS setup with the patch so I don't think it introduced any regressions, which is probably all that matters. It still bothers me a little I couldn't hit the bug.
>
> I've included kernel output w/ debugging output and network capture of my tests if anyone want to have a look at it. (master+patch = ml-guestfix).
>
> Reviewed-by: Aurelien Aptel <aaptel@suse.com>
> Tested-by: Aurelien Aptel <aaptel@suse.com>
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-cifs" 
> in the body of a message to majordomo@vger.kernel.org More majordomo 
> info at  http://vger.kernel.org/majordomo-info.html



--
Thanks,

Steve

RE: [PATCH] CIFS: handle guest access errors to Windows shares

[Mark Syms]

Filling out the set

Tested Win10 1607 and this has the loop behaviour
Tested WS2012R2 and this fails with permission denied

I think this is sufficient to say that there is some definitively different behaviour between server and client versions of Windows in this area.

Complete set

Win7 - fails with permission denied (but it turns out this is because the DFS was attempted and Win7 doesn't deal with that)
Win 8.1 - loops in DFS refer
Win 10 - loops in DFS refer
WS2012R2 - fails with permission denied
WS2016 - fails with permission denied.

Thanks,

	Mark.

-----Original Message-----
From: Mark Syms 
Sent: 02 December 2016 16:45
To: 'Steve French' <smfrench@gmail.com>
Cc: Aurélien Aptel <aaptel@suse.com>; sfrench@samba.org; linux-cifs@vger.kernel.org
Subject: RE: [PATCH] CIFS: handle guest access errors to Windows shares

OK, I'll spin up a Win 10 machine and see how that behaves and then a WS2012R2.

	Mark.

-----Original Message-----
From: Steve French [mailto:smfrench@gmail.com]
Sent: 02 December 2016 16:42
To: Mark Syms <Mark.Syms@citrix.com>
Cc: Aurélien Aptel <aaptel@suse.com>; sfrench@samba.org; linux-cifs@vger.kernel.org
Subject: Re: [PATCH] CIFS: handle guest access errors to Windows shares

Note that we have seen negotiate differences - spnego encapsulated ntlmssp vs. raw ntlmssp - between standalone servers (and Windows clients acting as a server) and Windows servers acting as an AD DC.

Also note that comparing the same os in the client vs server comparison (Windows 10 vs Windows 2016) could help determine if server vs. client difference or version difference.

On Fri, Dec 2, 2016 at 10:25 AM, Mark Syms <Mark.Syms@citrix.com> wrote:
> Hi,
>
> I've just tried a plain vanilla Debian testing machine with the vendor 4.8.0 kernel and the issue reproduces.
>
> Now, interestingly, if I issue the same mount command to a WS2016 machine configured in the same way as a Win8.1 machine it fails with permission denied as we'd expect and doesn't go into the DFS chase process. So, this appears to be something that is specific to connecting SMB to client grade OS machines.
>
>         Mark
>
> -----Original Message-----
> From: linux-cifs-owner@vger.kernel.org 
> [mailto:linux-cifs-owner@vger.kernel.org] On Behalf Of Aurélien Aptel
> Sent: 30 November 2016 17:32
> To: Mark Syms <Mark.Syms@citrix.com>; sfrench@samba.org; 
> linux-cifs@vger.kernel.org
> Subject: RE: [PATCH] CIFS: handle guest access errors to Windows 
> shares
>
> Hi Mark,
>
> New setup
>
>   PS> net user guest /activate:no
>   PS> mkdir C:\guestshare
>   PS> icacls C:\guestshare /grant 'Everyone:(OI)(CI)F'
>   PS> new-smbshare -name guestshare -path C:\guestshare -fullaccess 
> Everyone
>
> I've tested v3.10, v4.4, master, master+your patch using default options (empty or no user "NU") and user=abc (U).
>
> NT_LOGON_FAILURE in session setup: LF
> This is what you seem to have in 3.10.
>
> NT_ACCESS_DENIED in tree connect to the share: AD This is what you get before your infinite loop.
>
>              |   NU       U
> --------------------------------
> 3.10         |   LF       LF
> 4.4          |   LF       LF
> master       |   AD       LF
> master+patch |   AD       LF
>
> No infinite DFS loop :(
> All these issues result in mount failing very fast with permission denied.
>
> I guess it could be from either the Windows version or the share/folder ACL. A deeper analysis of the packets might reveal more.
>
> In any case I did not notice any issues for on a basic DFS setup with the patch so I don't think it introduced any regressions, which is probably all that matters. It still bothers me a little I couldn't hit the bug.
>
> I've included kernel output w/ debugging output and network capture of my tests if anyone want to have a look at it. (master+patch = ml-guestfix).
>
> Reviewed-by: Aurelien Aptel <aaptel@suse.com>
> Tested-by: Aurelien Aptel <aaptel@suse.com>
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-cifs" 
> in the body of a message to majordomo@vger.kernel.org More majordomo 
> info at  http://vger.kernel.org/majordomo-info.html



--
Thanks,

Steve

Re: [PATCH] CIFS: handle guest access errors to Windows shares

[Pavel Shilovsky]

2016-11-29 3:36 GMT-08:00 Mark Syms <mark.syms-Sxgqhf6Nn4DQT0dZR+AlfA@public.gmane.org>:
> Commit 1a967d6c9b39c226be1b45f13acd4d8a5ab3dc44 ("correctly to
> anonymous authentication for the NTLM(v2) authentication") introduces
> a regression in handling errors related to attempting a guest
> connection to a Windows share which requires authentication. This
> should result in a permission denied error but actually causes the
> kernel module to enter a never-ending loop trying to follow a DFS
> referal which doesn't exist.
>
> The base cause of this is the failure now occurs later in the process
> during tree connect and not at the session setup setup and all errors
> in tree connect are interpreted as needing to follow the DFS paths
> which isn't in this case correct. So, check the returned error against
> EACCES and fail if this is returned error.
> ---
>  fs/cifs/connect.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
> index 4547aed..a1737aa 100644
> --- a/fs/cifs/connect.c
> +++ b/fs/cifs/connect.c
> @@ -3651,6 +3651,9 @@ cifs_mount(struct cifs_sb_info *cifs_sb, struct smb_vol *volume_info)
>         if (IS_ERR(tcon)) {
>                 rc = PTR_ERR(tcon);
>                 tcon = NULL;
> +               if (rc == -EACCES) {
> +                       goto mount_fail_check;
> +               }
>                 goto remote_path_check;
>         }
>
> --
> 2.10.2
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
> the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

Acked-by: Pavel Shilovsky <pshilov-0li6OtcxBFHby3iVrkZq2A@public.gmane.org>

--
Best regards,
Pavel Shilovsky

Re: [PATCH] CIFS: handle guest access errors to Windows shares

[Steve French]

merged into cifs-2.6.git for-next and cc: stable

Good catch - thx

On Wed, Nov 30, 2016 at 11:32 AM, Aurélien Aptel <aaptel-IBi9RG/b67k@public.gmane.org> wrote:
> Hi Mark,
>
> New setup
>
>   PS> net user guest /activate:no
>   PS> mkdir C:\guestshare
>   PS> icacls C:\guestshare /grant 'Everyone:(OI)(CI)F'
>   PS> new-smbshare -name guestshare -path C:\guestshare -fullaccess Everyone
>
> I've tested v3.10, v4.4, master, master+your patch using default options
> (empty or no user "NU") and user=abc (U).
>
> NT_LOGON_FAILURE in session setup: LF
> This is what you seem to have in 3.10.
>
> NT_ACCESS_DENIED in tree connect to the share: AD
> This is what you get before your infinite loop.
>
>              |   NU       U
> --------------------------------
> 3.10         |   LF       LF
> 4.4          |   LF       LF
> master       |   AD       LF
> master+patch |   AD       LF
>
> No infinite DFS loop :(
> All these issues result in mount failing very fast with permission denied.
>
> I guess it could be from either the Windows version or the share/folder
> ACL. A deeper analysis of the packets might reveal more.
>
> In any case I did not notice any issues for on a basic DFS setup with
> the patch so I don't think it introduced any regressions, which is
> probably all that matters. It still bothers me a little I couldn't hit
> the bug.
>
> I've included kernel output w/ debugging output and network capture of
> my tests if anyone want to have a look at it. (master+patch = ml-guestfix).
>
> Reviewed-by: Aurelien Aptel <aaptel-IBi9RG/b67k@public.gmane.org>
> Tested-by: Aurelien Aptel <aaptel-IBi9RG/b67k@public.gmane.org>
>
>
>
> --
> Aurélien Aptel / SUSE Labs Samba Team
> GPG: 1839 CB5F 9F5B FB9B AA97  8C99 03C8 A49B 521B D5D3
> SUSE Linux GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
> GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
>



-- 
Thanks,

Steve