diff options
author | Steve French <stfrench@microsoft.com> | 2018-06-06 17:59:29 -0500 |
---|---|---|
committer | Steve French <stfrench@microsoft.com> | 2018-06-07 08:36:39 -0500 |
commit | c7c137b931b6894531003b5de888ad012dc37ba6 (patch) | |
tree | 358e89116a84a27ee19436eee4ab07e847ea7e9c /fs/cifs/cifsfs.c | |
parent | 8ddecf5fd728d3c6373394fa647d28e7c27f93a7 (diff) |
smb3: do not allow insecure cifs mounts when using smb3
if mounting as smb3 do not allow cifs (vers=1.0) or insecure vers=2.0
mounts.
For example:
root@smf-Thinkpad-P51:~/cifs-2.6# mount -t smb3 //127.0.0.1/scratch /mnt -o username=testuser,password=Testpass1
root@smf-Thinkpad-P51:~/cifs-2.6# umount /mnt
root@smf-Thinkpad-P51:~/cifs-2.6# mount -t smb3 //127.0.0.1/scratch /mnt -o username=testuser,password=Testpass1,vers=1.0
mount: /mnt: wrong fs type, bad option, bad superblock on //127.0.0.1/scratch ...
root@smf-Thinkpad-P51:~/cifs-2.6# dmesg | grep smb3
[ 4302.200122] CIFS VFS: vers=1.0 (cifs) not permitted when mounting with smb3
root@smf-Thinkpad-P51:~/cifs-2.6# mount -t smb3 //127.0.0.1/scratch /mnt -o username=testuser,password=Testpass1,vers=3.11
Signed-off-by: Steve French <stfrench@microsoft.com>
Acked-by: Pavel Shilovsky <pshilov@microsoft.com>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Sachin Prabhu <sprabhu@redhat.com>
Diffstat (limited to 'fs/cifs/cifsfs.c')
-rw-r--r-- | fs/cifs/cifsfs.c | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c index eb7b6573f322..d5aa7ae917bf 100644 --- a/fs/cifs/cifsfs.c +++ b/fs/cifs/cifsfs.c @@ -698,8 +698,8 @@ static int cifs_set_super(struct super_block *sb, void *data) } static struct dentry * -cifs_do_mount(struct file_system_type *fs_type, - int flags, const char *dev_name, void *data) +cifs_smb3_do_mount(struct file_system_type *fs_type, + int flags, const char *dev_name, void *data, bool is_smb3) { int rc; struct super_block *sb; @@ -710,7 +710,7 @@ cifs_do_mount(struct file_system_type *fs_type, cifs_dbg(FYI, "Devname: %s flags: %d\n", dev_name, flags); - volume_info = cifs_get_volume_info((char *)data, dev_name); + volume_info = cifs_get_volume_info((char *)data, dev_name, is_smb3); if (IS_ERR(volume_info)) return ERR_CAST(volume_info); @@ -790,6 +790,20 @@ out_nls: goto out; } +static struct dentry * +smb3_do_mount(struct file_system_type *fs_type, + int flags, const char *dev_name, void *data) +{ + return cifs_smb3_do_mount(fs_type, flags, dev_name, data, true); +} + +static struct dentry * +cifs_do_mount(struct file_system_type *fs_type, + int flags, const char *dev_name, void *data) +{ + return cifs_smb3_do_mount(fs_type, flags, dev_name, data, false); +} + static ssize_t cifs_loose_read_iter(struct kiocb *iocb, struct iov_iter *iter) { @@ -925,7 +939,7 @@ MODULE_ALIAS_FS("cifs"); static struct file_system_type smb3_fs_type = { .owner = THIS_MODULE, .name = "smb3", - .mount = cifs_do_mount, + .mount = smb3_do_mount, .kill_sb = cifs_kill_sb, /* .fs_flags */ }; |