mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-28 21:33:52 +00:00
smb3: do not allow insecure cifs mounts when using smb3
if mounting as smb3 do not allow cifs (vers=1.0) or insecure vers=2.0 mounts. For example: root@smf-Thinkpad-P51:~/cifs-2.6# mount -t smb3 //127.0.0.1/scratch /mnt -o username=testuser,password=Testpass1 root@smf-Thinkpad-P51:~/cifs-2.6# umount /mnt root@smf-Thinkpad-P51:~/cifs-2.6# mount -t smb3 //127.0.0.1/scratch /mnt -o username=testuser,password=Testpass1,vers=1.0 mount: /mnt: wrong fs type, bad option, bad superblock on //127.0.0.1/scratch ... root@smf-Thinkpad-P51:~/cifs-2.6# dmesg | grep smb3 [ 4302.200122] CIFS VFS: vers=1.0 (cifs) not permitted when mounting with smb3 root@smf-Thinkpad-P51:~/cifs-2.6# mount -t smb3 //127.0.0.1/scratch /mnt -o username=testuser,password=Testpass1,vers=3.11 Signed-off-by: Steve French <stfrench@microsoft.com> Acked-by: Pavel Shilovsky <pshilov@microsoft.com> Reviewed-by: Aurelien Aptel <aaptel@suse.com> Reviewed-by: Sachin Prabhu <sprabhu@redhat.com>
This commit is contained in:
parent
8ddecf5fd7
commit
c7c137b931
3 changed files with 36 additions and 14 deletions
|
@ -698,8 +698,8 @@ static int cifs_set_super(struct super_block *sb, void *data)
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct dentry *
|
static struct dentry *
|
||||||
cifs_do_mount(struct file_system_type *fs_type,
|
cifs_smb3_do_mount(struct file_system_type *fs_type,
|
||||||
int flags, const char *dev_name, void *data)
|
int flags, const char *dev_name, void *data, bool is_smb3)
|
||||||
{
|
{
|
||||||
int rc;
|
int rc;
|
||||||
struct super_block *sb;
|
struct super_block *sb;
|
||||||
|
@ -710,7 +710,7 @@ cifs_do_mount(struct file_system_type *fs_type,
|
||||||
|
|
||||||
cifs_dbg(FYI, "Devname: %s flags: %d\n", dev_name, flags);
|
cifs_dbg(FYI, "Devname: %s flags: %d\n", dev_name, flags);
|
||||||
|
|
||||||
volume_info = cifs_get_volume_info((char *)data, dev_name);
|
volume_info = cifs_get_volume_info((char *)data, dev_name, is_smb3);
|
||||||
if (IS_ERR(volume_info))
|
if (IS_ERR(volume_info))
|
||||||
return ERR_CAST(volume_info);
|
return ERR_CAST(volume_info);
|
||||||
|
|
||||||
|
@ -790,6 +790,20 @@ cifs_do_mount(struct file_system_type *fs_type,
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static struct dentry *
|
||||||
|
smb3_do_mount(struct file_system_type *fs_type,
|
||||||
|
int flags, const char *dev_name, void *data)
|
||||||
|
{
|
||||||
|
return cifs_smb3_do_mount(fs_type, flags, dev_name, data, true);
|
||||||
|
}
|
||||||
|
|
||||||
|
static struct dentry *
|
||||||
|
cifs_do_mount(struct file_system_type *fs_type,
|
||||||
|
int flags, const char *dev_name, void *data)
|
||||||
|
{
|
||||||
|
return cifs_smb3_do_mount(fs_type, flags, dev_name, data, false);
|
||||||
|
}
|
||||||
|
|
||||||
static ssize_t
|
static ssize_t
|
||||||
cifs_loose_read_iter(struct kiocb *iocb, struct iov_iter *iter)
|
cifs_loose_read_iter(struct kiocb *iocb, struct iov_iter *iter)
|
||||||
{
|
{
|
||||||
|
@ -925,7 +939,7 @@ MODULE_ALIAS_FS("cifs");
|
||||||
static struct file_system_type smb3_fs_type = {
|
static struct file_system_type smb3_fs_type = {
|
||||||
.owner = THIS_MODULE,
|
.owner = THIS_MODULE,
|
||||||
.name = "smb3",
|
.name = "smb3",
|
||||||
.mount = cifs_do_mount,
|
.mount = smb3_do_mount,
|
||||||
.kill_sb = cifs_kill_sb,
|
.kill_sb = cifs_kill_sb,
|
||||||
/* .fs_flags */
|
/* .fs_flags */
|
||||||
};
|
};
|
||||||
|
|
|
@ -211,7 +211,7 @@ extern int cifs_setup_cifs_sb(struct smb_vol *pvolume_info,
|
||||||
extern int cifs_match_super(struct super_block *, void *);
|
extern int cifs_match_super(struct super_block *, void *);
|
||||||
extern void cifs_cleanup_volume_info(struct smb_vol *pvolume_info);
|
extern void cifs_cleanup_volume_info(struct smb_vol *pvolume_info);
|
||||||
extern struct smb_vol *cifs_get_volume_info(char *mount_data,
|
extern struct smb_vol *cifs_get_volume_info(char *mount_data,
|
||||||
const char *devname);
|
const char *devname, bool is_smb3);
|
||||||
extern int cifs_mount(struct cifs_sb_info *, struct smb_vol *);
|
extern int cifs_mount(struct cifs_sb_info *, struct smb_vol *);
|
||||||
extern void cifs_umount(struct cifs_sb_info *);
|
extern void cifs_umount(struct cifs_sb_info *);
|
||||||
extern void cifs_mark_open_files_invalid(struct cifs_tcon *tcon);
|
extern void cifs_mark_open_files_invalid(struct cifs_tcon *tcon);
|
||||||
|
|
|
@ -320,7 +320,7 @@ static int generic_ip_connect(struct TCP_Server_Info *server);
|
||||||
static void tlink_rb_insert(struct rb_root *root, struct tcon_link *new_tlink);
|
static void tlink_rb_insert(struct rb_root *root, struct tcon_link *new_tlink);
|
||||||
static void cifs_prune_tlinks(struct work_struct *work);
|
static void cifs_prune_tlinks(struct work_struct *work);
|
||||||
static int cifs_setup_volume_info(struct smb_vol *volume_info, char *mount_data,
|
static int cifs_setup_volume_info(struct smb_vol *volume_info, char *mount_data,
|
||||||
const char *devname);
|
const char *devname, bool is_smb3);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* cifs tcp session reconnection
|
* cifs tcp session reconnection
|
||||||
|
@ -1166,7 +1166,7 @@ cifs_parse_cache_flavor(char *value, struct smb_vol *vol)
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
cifs_parse_smb_version(char *value, struct smb_vol *vol)
|
cifs_parse_smb_version(char *value, struct smb_vol *vol, bool is_smb3)
|
||||||
{
|
{
|
||||||
substring_t args[MAX_OPT_ARGS];
|
substring_t args[MAX_OPT_ARGS];
|
||||||
|
|
||||||
|
@ -1176,6 +1176,10 @@ cifs_parse_smb_version(char *value, struct smb_vol *vol)
|
||||||
cifs_dbg(VFS, "mount with legacy dialect disabled\n");
|
cifs_dbg(VFS, "mount with legacy dialect disabled\n");
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
if (is_smb3) {
|
||||||
|
cifs_dbg(VFS, "vers=1.0 (cifs) not permitted when mounting with smb3\n");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
vol->ops = &smb1_operations;
|
vol->ops = &smb1_operations;
|
||||||
vol->vals = &smb1_values;
|
vol->vals = &smb1_values;
|
||||||
break;
|
break;
|
||||||
|
@ -1184,6 +1188,10 @@ cifs_parse_smb_version(char *value, struct smb_vol *vol)
|
||||||
cifs_dbg(VFS, "mount with legacy dialect disabled\n");
|
cifs_dbg(VFS, "mount with legacy dialect disabled\n");
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
if (is_smb3) {
|
||||||
|
cifs_dbg(VFS, "vers=2.0 not permitted when mounting with smb3\n");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
vol->ops = &smb20_operations;
|
vol->ops = &smb20_operations;
|
||||||
vol->vals = &smb20_values;
|
vol->vals = &smb20_values;
|
||||||
break;
|
break;
|
||||||
|
@ -1272,7 +1280,7 @@ cifs_parse_devname(const char *devname, struct smb_vol *vol)
|
||||||
|
|
||||||
static int
|
static int
|
||||||
cifs_parse_mount_options(const char *mountdata, const char *devname,
|
cifs_parse_mount_options(const char *mountdata, const char *devname,
|
||||||
struct smb_vol *vol)
|
struct smb_vol *vol, bool is_smb3)
|
||||||
{
|
{
|
||||||
char *data, *end;
|
char *data, *end;
|
||||||
char *mountdata_copy = NULL, *options;
|
char *mountdata_copy = NULL, *options;
|
||||||
|
@ -1985,7 +1993,7 @@ cifs_parse_mount_options(const char *mountdata, const char *devname,
|
||||||
if (string == NULL)
|
if (string == NULL)
|
||||||
goto out_nomem;
|
goto out_nomem;
|
||||||
|
|
||||||
if (cifs_parse_smb_version(string, vol) != 0)
|
if (cifs_parse_smb_version(string, vol, is_smb3) != 0)
|
||||||
goto cifs_parse_mount_err;
|
goto cifs_parse_mount_err;
|
||||||
got_version = true;
|
got_version = true;
|
||||||
break;
|
break;
|
||||||
|
@ -3797,7 +3805,7 @@ expand_dfs_referral(const unsigned int xid, struct cifs_ses *ses,
|
||||||
} else {
|
} else {
|
||||||
cleanup_volume_info_contents(volume_info);
|
cleanup_volume_info_contents(volume_info);
|
||||||
rc = cifs_setup_volume_info(volume_info, mdata,
|
rc = cifs_setup_volume_info(volume_info, mdata,
|
||||||
fake_devname);
|
fake_devname, false);
|
||||||
}
|
}
|
||||||
kfree(fake_devname);
|
kfree(fake_devname);
|
||||||
kfree(cifs_sb->mountdata);
|
kfree(cifs_sb->mountdata);
|
||||||
|
@ -3810,11 +3818,11 @@ expand_dfs_referral(const unsigned int xid, struct cifs_ses *ses,
|
||||||
|
|
||||||
static int
|
static int
|
||||||
cifs_setup_volume_info(struct smb_vol *volume_info, char *mount_data,
|
cifs_setup_volume_info(struct smb_vol *volume_info, char *mount_data,
|
||||||
const char *devname)
|
const char *devname, bool is_smb3)
|
||||||
{
|
{
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
|
|
||||||
if (cifs_parse_mount_options(mount_data, devname, volume_info))
|
if (cifs_parse_mount_options(mount_data, devname, volume_info, is_smb3))
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
if (volume_info->nullauth) {
|
if (volume_info->nullauth) {
|
||||||
|
@ -3848,7 +3856,7 @@ cifs_setup_volume_info(struct smb_vol *volume_info, char *mount_data,
|
||||||
}
|
}
|
||||||
|
|
||||||
struct smb_vol *
|
struct smb_vol *
|
||||||
cifs_get_volume_info(char *mount_data, const char *devname)
|
cifs_get_volume_info(char *mount_data, const char *devname, bool is_smb3)
|
||||||
{
|
{
|
||||||
int rc;
|
int rc;
|
||||||
struct smb_vol *volume_info;
|
struct smb_vol *volume_info;
|
||||||
|
@ -3857,7 +3865,7 @@ cifs_get_volume_info(char *mount_data, const char *devname)
|
||||||
if (!volume_info)
|
if (!volume_info)
|
||||||
return ERR_PTR(-ENOMEM);
|
return ERR_PTR(-ENOMEM);
|
||||||
|
|
||||||
rc = cifs_setup_volume_info(volume_info, mount_data, devname);
|
rc = cifs_setup_volume_info(volume_info, mount_data, devname, is_smb3);
|
||||||
if (rc) {
|
if (rc) {
|
||||||
cifs_cleanup_volume_info(volume_info);
|
cifs_cleanup_volume_info(volume_info);
|
||||||
volume_info = ERR_PTR(rc);
|
volume_info = ERR_PTR(rc);
|
||||||
|
|
Loading…
Reference in a new issue