smb: client: fix DFS mount against old servers with NTLMSSP

Old Windows servers will return not fully qualified DFS targets by default as specified in MS-DFSC 3.2.5.5 Receiving a Root Referral Request or Link Referral Request | Servers SHOULD<30> return fully qualified DNS host names of | targets in responses to root referral requests and link referral | requests. | ... | <30> Section 3.2.5.5: By default, Windows Server 2003, Windows | Server 2008, Windows Server 2008 R2, Windows Server 2012, and | Windows Server 2012 R2 return DNS host names that are not fully | qualified for targets. Fix this by converting all NetBIOS host names from DFS targets to FQDNs and try resolving them first if DNS domain name was provided in NTLMSSP CHALLENGE_MESSAGE message from previous SMB2_SESSION_SETUP. This also prevents the client from translating the DFS target hostnames to another domain depending on the network domain search order. Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com> Signed-off-by: Steve French <stfrench@microsoft.com>
author: Paulo Alcantara <pc@manguebit.com> 2025-01-03 16:58:12 -0300
committer: Steve French <stfrench@microsoft.com> 2025-01-19 19:34:00 -0600
commit: ad46faff1afcc8db72f9954a6ea2296d31259217 (patch)
tree: 7938327a62e8c35757874d52a965e84029f71c26 /fs/smb/client/dns_resolve.c
parent: 0e8ae9b953bc2c12aebd21e1e552e5deb1a0ff1e (diff)
1 files changed, 60 insertions, 42 deletions
diff --git a/fs/smb/client/dns_resolve.c b/fs/smb/client/dns_resolve.c
index 8bf8978bc5d6..83db27f9c8f1 100644
--- a/fs/smb/client/dns_resolve.c
+++ b/fs/smb/client/dns_resolve.c
@@ -20,69 +20,87 @@
 #include "cifsproto.h"
 #include "cifs_debug.h"
 
+static int resolve_name(const char *name, size_t namelen,
+			struct sockaddr *addr, time64_t *expiry)
+{
+	char *ip;
+	int rc;
+
+	rc = dns_query(current->nsproxy->net_ns, NULL, name,
+		       namelen, NULL, &ip, expiry, false);
+	if (rc < 0) {
+		cifs_dbg(FYI, "%s: unable to resolve: %*.*s\n",
+			 __func__, (int)namelen, (int)namelen, name);
+	} else {
+		cifs_dbg(FYI, "%s: resolved: %*.*s to %s expiry %llu\n",
+			 __func__, (int)namelen, (int)namelen, name, ip,
+			 expiry ? (*expiry) : 0);
+
+		rc = cifs_convert_address(addr, ip, strlen(ip));
+		kfree(ip);
+		if (!rc) {
+			cifs_dbg(FYI, "%s: unable to determine ip address\n",
+				 __func__);
+			rc = -EHOSTUNREACH;
+		} else {
+			rc = 0;
+		}
+	}
+	return rc;
+}
+
 /**
  * dns_resolve_server_name_to_ip - Resolve UNC server name to ip address.
+ * @dom: optional DNS domain name
  * @unc: UNC path specifying the server (with '/' as delimiter)
  * @ip_addr: Where to return the IP address.
  * @expiry: Where to return the expiry time for the dns record.
  *
  * Returns zero success, -ve on error.
  */
-int
-dns_resolve_server_name_to_ip(const char *unc, struct sockaddr *ip_addr, time64_t *expiry)
+int dns_resolve_server_name_to_ip(const char *dom, const char *unc,
+				  struct sockaddr *ip_addr, time64_t *expiry)
 {
-	const char *hostname, *sep;
-	char *ip;
-	int len, rc;
+	const char *name;
+	size_t namelen, len;
+	char *s;
+	int rc;
 
 	if (!ip_addr || !unc)
 		return -EINVAL;
 
-	len = strlen(unc);
-	if (len < 3) {
-		cifs_dbg(FYI, "%s: unc is too short: %s\n", __func__, unc);
+	cifs_dbg(FYI, "%s: dom=%s unc=%s\n", __func__, dom, unc);
+	if (strlen(unc) < 3)
 		return -EINVAL;
-	}
-
-	/* Discount leading slashes for cifs */
-	len -= 2;
-	hostname = unc + 2;
 
-	/* Search for server name delimiter */
-	sep = memchr(hostname, '/', len);
-	if (sep)
-		len = sep - hostname;
-	else
-		cifs_dbg(FYI, "%s: probably server name is whole unc: %s\n",
-			 __func__, unc);
+	extract_unc_hostname(unc, &name, &namelen);
+	if (!namelen)
+		return -EINVAL;
 
+	cifs_dbg(FYI, "%s: hostname=%.*s\n", __func__, (int)namelen, name);
 	/* Try to interpret hostname as an IPv4 or IPv6 address */
-	rc = cifs_convert_address(ip_addr, hostname, len);
+	rc = cifs_convert_address(ip_addr, name, namelen);
 	if (rc > 0) {
-		cifs_dbg(FYI, "%s: unc is IP, skipping dns upcall: %*.*s\n", __func__, len, len,
-			 hostname);
+		cifs_dbg(FYI, "%s: unc is IP, skipping dns upcall: %*.*s\n",
+			 __func__, (int)namelen, (int)namelen, name);
 		return 0;
 	}
 
-	/* Perform the upcall */
-	rc = dns_query(current->nsproxy->net_ns, NULL, hostname, len,
-		       NULL, &ip, expiry, false);
-	if (rc < 0) {
-		cifs_dbg(FYI, "%s: unable to resolve: %*.*s\n",
-			 __func__, len, len, hostname);
-	} else {
-		cifs_dbg(FYI, "%s: resolved: %*.*s to %s expiry %llu\n",
-			 __func__, len, len, hostname, ip,
-			 expiry ? (*expiry) : 0);
-
-		rc = cifs_convert_address(ip_addr, ip, strlen(ip));
-		kfree(ip);
+	/*
+	 * If @name contains a NetBIOS name and @dom has been specified, then
+	 * convert @name to an FQDN and try resolving it first.
+	 */
+	if (dom && *dom && cifs_netbios_name(name, namelen)) {
+		len = strnlen(dom, CIFS_MAX_DOMAINNAME_LEN) + namelen + 2;
+		s = kmalloc(len, GFP_KERNEL);
+		if (!s)
+			return -ENOMEM;
 
-		if (!rc) {
-			cifs_dbg(FYI, "%s: unable to determine ip address\n", __func__);
-			rc = -EHOSTUNREACH;
-		} else
-			rc = 0;
+		scnprintf(s, len, "%.*s.%s", (int)namelen, name, dom);
+		rc = resolve_name(s, len - 1, ip_addr, expiry);
+		kfree(s);
+		if (!rc)
+			return 0;
 	}
-	return rc;
+	return resolve_name(name, namelen, ip_addr, expiry);
 }
author	Paulo Alcantara <pc@manguebit.com>	2025-01-03 16:58:12 -0300
committer	Steve French <stfrench@microsoft.com>	2025-01-19 19:34:00 -0600
commit	ad46faff1afcc8db72f9954a6ea2296d31259217 (patch)
tree	7938327a62e8c35757874d52a965e84029f71c26 /fs/smb/client/dns_resolve.c
parent	0e8ae9b953bc2c12aebd21e1e552e5deb1a0ff1e (diff)