[SMB3] Improve security, move default dialect to SMB3 from old CIFS

Due to recent publicity about security vulnerabilities in the
much older CIFS dialect, move the default dialect to the
widely accepted (and quite secure) SMB3.0 dialect from the
old default of the CIFS dialect.

We do not want to be encouraging use of less secure dialects,
and both Microsoft and CERT now strongly recommend not using the
older CIFS dialect (SMB Security Best Practices
"recommends disabling SMBv1").

SMB3 is both secure and widely available: in Windows 8 and later,
Samba and Macs.

Users can still choose to explicitly mount with the less secure
dialect (for old servers) by choosing "vers=1.0" on the cifs
mount

Signed-off-by: Steve French <smfrench@gmail.com>
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
This commit is contained in:
Steve French 2017-07-08 17:30:41 -05:00
parent 2a38e12053
commit eef914a9eb

View file

@ -1272,9 +1272,9 @@ cifs_parse_mount_options(const char *mountdata, const char *devname,
vol->actimeo = CIFS_DEF_ACTIMEO;
/* FIXME: add autonegotiation -- for now, SMB1 is default */
vol->ops = &smb1_operations;
vol->vals = &smb1_values;
/* FIXME: add autonegotiation for SMB3 or later rather than just SMB3 */
vol->ops = &smb30_operations; /* both secure and accepted widely */
vol->vals = &smb30_values;
vol->echo_interval = SMB_ECHO_INTERVAL_DEFAULT;