View Issue Details

IDProjectCategoryView StatusLast Update
0003369CentOS-5kernelpublic2009-10-17 22:38
Reportertru 
PrioritynormalSeveritymajorReproducibilityalways
Status closedResolutionfixed 
Product Version5.2 
Target VersionFixed in Version5.4 
Summary0003369: Clear-text password connection (cifs) failure
Descriptionupstream bug listed at https://bugzilla.samba.org/show_bug.cgi?id=5319
confirmed on CentOS-5.2
Additional Information2 lines patches as provided from the samba team
Tagsfixed in 5.4

Relationships

related to 0003370 resolvedJohnnyHughes CentOS-4 cifs issue on plaintext authentification 

Activities

2009-01-28 16:36

 

cifs-bugzilla-5319.patch (1,286 bytes)
diff -uNr linux-2.6.18.x86_64/fs/cifs/cifsencrypt.c linux-2.6.18.x86_64.new/fs/cifs/cifsencrypt.c
--- linux-2.6.18.x86_64/fs/cifs/cifsencrypt.c	2009-01-27 12:52:48.000000000 +0100
+++ linux-2.6.18.x86_64.new/fs/cifs/cifsencrypt.c	2009-01-27 13:20:20.000000000 +0100
@@ -293,6 +293,10 @@
 
 	if ((ses->server->secMode & SECMODE_PW_ENCRYPT) == 0)
 		if (extended_security & CIFSSEC_MAY_PLNTXT) {
+/* https://bugzilla.samba.org/attachment.cgi?id=3511&action=view
+   from https://bugzilla.samba.org/show_bug.cgi?id=5319
+   Tru 2009/01/27 */
+			memset(lnm_session_key, 0, CIFS_SESS_KEY_SIZE);
 			memcpy(lnm_session_key, password_with_pad,
 				CIFS_ENCPWD_SIZE);
 			return;
diff -uNr linux-2.6.18.x86_64/fs/cifs/sess.c linux-2.6.18.x86_64.new/fs/cifs/sess.c
--- linux-2.6.18.x86_64/fs/cifs/sess.c	2009-01-27 12:52:48.000000000 +0100
+++ linux-2.6.18.x86_64.new/fs/cifs/sess.c	2009-01-27 13:21:07.000000000 +0100
@@ -385,6 +385,10 @@
 	if (type == LANMAN) {
 #ifdef CONFIG_CIFS_WEAK_PW_HASH
 		char lnm_session_key[CIFS_SESS_KEY_SIZE];
+/* https://bugzilla.samba.org/attachment.cgi?id=3511&action=view
+   from https://bugzilla.samba.org/show_bug.cgi?id=5319
+   Tru 2009/01/27 */
+		pSMB->req.hdr.Flags2 &= ~SMBFLG2_UNICODE;
 
 		/* no capabilities flags in old lanman negotiation */
 
cifs-bugzilla-5319.patch (1,286 bytes)
tru

tru

2009-01-28 16:38

administrator   ~0008633

kmod-cifs for CentOS-5.2 x86_64 are provided at http://people.centos.org/tru/cifs-1.50cRHbz5319/
tru

tru

2009-01-28 16:44

administrator   ~0008634

testcase:
sudo modprobe cifs
echo 0x30030 | sudo tee /proc/fs/cifs/SecurityFlags
echo 1 | sudo tee /proc/fs/cifs/cifsFYI
cat /proc/fs/cifs/SecurityFlags /proc/fs/cifs/cifsFYI
echo mounting silo
sudo mount.cifs //netapp/share /silo -o user=tru,uid=500,gid=100,netbiosname=NETAPP,domain=WORKGROUP
df
ls -ld /silo/tru/*
tru

tru

2009-01-28 16:45

administrator   ~0008635

added upstream at https://bugzilla.redhat.com/show_bug.cgi?id=482872
toracat

toracat

2009-01-28 17:52

manager   ~0008637

This patch is going to be included in the upcoming *centosplus* 5.3 kernel. So, centosplus kernel users will automatically get the fix.
tru

tru

2009-01-28 23:01

administrator   ~0008639

see also https://bugzilla.redhat.com/show_bug.cgi?id=465143

http://people.redhat.com/jlayton/ has them already:
465143 019-bz-465143-cifs-fix-plaintext-a.patch
465143 020-bz-465143-cifs-turn-off-unicod.patch

are the same patches as included here
tru

tru

2009-01-28 23:33

administrator   ~0008640

Confirmed upstream and will be fixed for 5.4.
Probably won't make it in the 5.3 version, so we will need to maintain the kmod-cifs for the people who might need it and track https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=465143

2009-02-15 07:37

 

linux-2.6-centos-cifs-bug5319.patch (856 bytes)
As per: https://bugzilla.samba.org/show_bug.cgi?id=5319

diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c
index 83fd40d..bd5f13d 100644
--- a/fs/cifs/cifsencrypt.c
+++ b/fs/cifs/cifsencrypt.c
@@ -294,6 +294,7 @@
 
 	if ((ses->server->secMode & SECMODE_PW_ENCRYPT) == 0)
 		if (extended_security & CIFSSEC_MAY_PLNTXT) {
+			memset(lnm_session_key, 0, CIFS_SESS_KEY_SIZE);
 			memcpy(lnm_session_key, password_with_pad,
 				CIFS_ENCPWD_SIZE);
 			return;

diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
index b537fad..252fdc0 100644
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -418,6 +418,8 @@
 #ifdef CONFIG_CIFS_WEAK_PW_HASH
 		char lnm_session_key[CIFS_SESS_KEY_SIZE];
 
+		pSMB->req.hdr.Flags2 &= ~SMBFLG2_UNICODE;
+
 		/* no capabilities flags in old lanman negotiation */
 
 		pSMB->old_req.PasswordLength = cpu_to_le16(CIFS_SESS_KEY_SIZE);

toracat

toracat

2009-02-15 07:39

manager   ~0008706

Revised patch to be included in the centosplus kernel 2.6.18-128.1.1 uploaded.

http://bugs.centos.org/file_download.php?file_id=637&type=bug
toracat

toracat

2009-02-19 06:57

manager   ~0008780

The patch has been included in the centosplus kernel (testing) 2.6.18-128.1.1.el5.centos.ayplus which is available at:

http://centos.toracat.org/kernel/centos5/5.3test/

Please test if you can. This kernel will be provided as an update to the upcoming 5.3 centosplus kernel.
tru

tru

2009-05-14 10:40

administrator   ~0009355

quick update:

I made a 5.2 kmod-cifs (based on the cifs module version 1.50cRH from the 2.6.18-92 series) which seems to be ok.
I upgraded to a 5.3 ( 1.54RH based in the 2.6.18-128 kernel series) which does NOT seem to work... :( (same patch applied)

reloading the 1.50cRH modded version on 2.6.18-128.* brings back the espected feature...
I will rebuild the 1.50cRH modded with the 2.6.18-128 toolchain and post the results.
tru

tru

2009-05-14 10:54

administrator   ~0009356

my bad, the patch were NOT applied correctly on the 5.3 based kmod-cifs rpm
tru

tru

2009-05-14 11:55

administrator   ~0009357

Last edited: 2009-05-14 12:22

%path macro flaw-> espect a bzip2 file when the source file was a bz2 file

toracat

toracat

2009-05-19 21:14

manager   ~0009370

5.3 centosplus test kernels (referenced in note #8780) have been removed from the site because they are no longer needed. The patch is in the official centosplus kernel.
toracat

toracat

2009-09-04 17:28

manager   ~0009885

The issue reported here is in the 5.4 kernel.

Issue History

Date Modified Username Field Change
2009-01-28 16:36 tru New Issue
2009-01-28 16:36 tru File Added: cifs-bugzilla-5319.patch
2009-01-28 16:38 tru Note Added: 0008633
2009-01-28 16:44 tru Note Added: 0008634
2009-01-28 16:45 tru Note Added: 0008635
2009-01-28 17:52 toracat Note Added: 0008637
2009-01-28 23:01 tru Note Added: 0008639
2009-01-28 23:33 tru Note Added: 0008640
2009-01-28 23:33 tru Status new => confirmed
2009-01-29 00:39 toracat Relationship added related to 0003370
2009-02-15 07:37 toracat File Added: linux-2.6-centos-cifs-bug5319.patch
2009-02-15 07:39 toracat Note Added: 0008706
2009-02-19 06:57 toracat Note Added: 0008780
2009-05-14 10:40 tru Note Added: 0009355
2009-05-14 10:54 tru Note Added: 0009356
2009-05-14 11:55 tru Note Added: 0009357
2009-05-14 12:22 tru Note Edited: 0009357
2009-05-19 21:14 toracat Note Added: 0009370
2009-09-04 17:28 toracat Note Added: 0009885
2009-09-04 17:28 toracat Tag Attached: fixed in 5.4
2009-10-17 22:38 range Status confirmed => closed
2009-10-17 22:38 range Resolution open => fixed
2009-10-17 22:38 range Fixed in Version => 5.4