Message ID | CAH2r5mvsCNcWQEO7yaXU+QZTPW4eCHKf9mpwERSiZUVbordhbA@mail.gmail.com |
---|---|
State | New |
Series | cifs: allow disabling less secure legacy dialects |
Updated with some minor changes to remove old build warnings on various other of the module parms On Thu, May 24, 2018 at 3:23 AM, Steve French <smfrench@gmail.com> wrote: > To improve security it may be helpful to have additional ways to restrict the > ability to override the default dialects (SMB2.1, SMB3 and SMB3.02) on mount > with old dialects (CIFS/SMB1 and SMB2) since vers=1.0 (CIFS/SMB1) and vers=2.0 > are weaker and less secure. > > Add a module parameter "disable_legacy_dialects" > (/sys/module/cifs/parameters/disable_legacy_dialects) which can be set to > 1 (or equivalently Y) to forbid use of vers=1.0 or vers=2.0 on mount. > > Signed-off-by: Steve French <smfrench@gmail.com> > --- > fs/cifs/cifsfs.c | 10 ++++++++++ > fs/cifs/connect.c | 9 +++++++++ > 2 files changed, 19 insertions(+) > > diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c > index c49d4a681017..600220388f0d 100644 > --- a/fs/cifs/cifsfs.c > +++ b/fs/cifs/cifsfs.c > @@ -58,6 +58,7 @@ bool traceSMB; > bool enable_oplocks = true; > bool linuxExtEnabled = true; > bool lookupCacheEnabled = true; > +bool disable_legacy_dialects; /* false by default */ > unsigned int global_secflags = CIFSSEC_DEF; > /* unsigned int ntlmv2_support = 0; */ > unsigned int sign_CIFS_PDUs = 1; > @@ -83,6 +84,15 @@ MODULE_PARM_DESC(cifs_max_pending, "Simultaneous > requests to server for " > module_param(enable_oplocks, bool, 0644); > MODULE_PARM_DESC(enable_oplocks, "Enable or disable oplocks. Default: y/Y/1"); > > +module_param(disable_legacy_dialects, bool, 0644); > +MODULE_PARM_DESC(disable_legacy_dialects, "To improve security it may be " > + "helpful to restrict the ability to " > + "override the default dialects (SMB2.1, " > + "SMB3 and SMB3.02) on mount with old " > + "dialects (CIFS/SMB1 and SMB2) since " > + "vers=1.0 (CIFS/SMB1) and vers=2.0 are weaker" > + " and less secure. Default: n/N/0"); > + > extern mempool_t *cifs_sm_req_poolp; > extern mempool_t *cifs_req_poolp; > extern mempool_t *cifs_mid_poolp; 
> diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c > index 83b0234d443c..ed3b6de88395 100644 > --- a/fs/cifs/connect.c > +++ b/fs/cifs/connect.c > @@ -61,6 +61,7 @@ > #define RFC1001_PORT 139 > > extern mempool_t *cifs_req_poolp; > +extern bool disable_legacy_dialects; > > /* FIXME: should these be tunable? */ > #define TLINK_ERROR_EXPIRE (1 * HZ) > @@ -1146,10 +1147,18 @@ cifs_parse_smb_version(char *value, struct smb_vol *vol) > > switch (match_token(value, cifs_smb_version_tokens, args)) { > case Smb_1: > + if (disable_legacy_dialects) { > + cifs_dbg(VFS, "mount with legacy dialect disabled\n"); > + return 1; > + } > vol->ops = &smb1_operations; > vol->vals = &smb1_values; > break; > case Smb_20: > + if (disable_legacy_dialects) { > + cifs_dbg(VFS, "mount with legacy dialect disabled\n"); > + return 1; > + } > vol->ops = &smb20_operations; > vol->vals = &smb20_values; > break; > -- > 2.17.0 > > > -- > Thanks, > > Steve
From 2f27b516cd32b40a2a7d5cb04d28bcc83c29066b Mon Sep 17 00:00:00 2001 From: Steve French <stfrench@microsoft.com> Date: Thu, 24 May 2018 03:14:56 -0500 Subject: [PATCH] cifs: allow disabling less secure legacy dialects To improve security it may be helpful to have additional ways to restrict the ability to override the default dialects (SMB2.1, SMB3 and SMB3.02) on mount with old dialects (CIFS/SMB1 and SMB2) since vers=1.0 (CIFS/SMB1) and vers=2.0 are weaker and less secure. Add a module parameter "disable_legacy_dialects" (/sys/module/cifs/parameters/disable_legacy_dialects) which can be set to 1 (or equivalently Y) to forbid use of vers=1.0 or vers=2.0 on mount. Signed-off-by: Steve French <smfrench@gmail.com> --- fs/cifs/cifsfs.c | 10 ++++++++++ fs/cifs/connect.c | 9 +++++++++ 2 files changed, 19 insertions(+) diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c index c49d4a681017..600220388f0d 100644 --- a/fs/cifs/cifsfs.c +++ b/fs/cifs/cifsfs.c @@ -58,6 +58,7 @@ bool traceSMB; bool enable_oplocks = true; bool linuxExtEnabled = true; bool lookupCacheEnabled = true; +bool disable_legacy_dialects; /* false by default */ unsigned int global_secflags = CIFSSEC_DEF; /* unsigned int ntlmv2_support = 0; */ unsigned int sign_CIFS_PDUs = 1; @@ -83,6 +84,15 @@ MODULE_PARM_DESC(cifs_max_pending, "Simultaneous requests to server for " module_param(enable_oplocks, bool, 0644); MODULE_PARM_DESC(enable_oplocks, "Enable or disable oplocks. Default: y/Y/1"); +module_param(disable_legacy_dialects, bool, 0644); +MODULE_PARM_DESC(disable_legacy_dialects, "To improve security it may be " + "helpful to restrict the ability to " + "override the default dialects (SMB2.1, " + "SMB3 and SMB3.02) on mount with old " + "dialects (CIFS/SMB1 and SMB2) since " + "vers=1.0 (CIFS/SMB1) and vers=2.0 are weaker" + " and less secure. Default: n/N/0"); + extern mempool_t *cifs_sm_req_poolp; extern mempool_t *cifs_req_poolp; extern mempool_t *cifs_mid_poolp; 
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 83b0234d443c..ed3b6de88395 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -61,6 +61,7 @@ #define RFC1001_PORT 139 extern mempool_t *cifs_req_poolp; +extern bool disable_legacy_dialects; /* FIXME: should these be tunable? */ #define TLINK_ERROR_EXPIRE (1 * HZ) @@ -1146,10 +1147,18 @@ cifs_parse_smb_version(char *value, struct smb_vol *vol) switch (match_token(value, cifs_smb_version_tokens, args)) { case Smb_1: + if (disable_legacy_dialects) { + cifs_dbg(VFS, "mount with legacy dialect disabled\n"); + return 1; + } vol->ops = &smb1_operations; vol->vals = &smb1_values; break; case Smb_20: + if (disable_legacy_dialects) { + cifs_dbg(VFS, "mount with legacy dialect disabled\n"); + return 1; + } vol->ops = &smb20_operations; vol->vals = &smb20_values; break; -- 2.17.0
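Review bot: the cifsfs.c hunk at @@ -58 introduces the global with only a `/* false by default */` comment, and nothing else in the patch documents the new knob for users; since the commit message presents it as a hardening setting administrators are expected to turn on, the cifs mount/parameter documentation should get a line naming `disable_legacy_dialects`, the sysfs path `/sys/module/cifs/parameters/disable_legacy_dialects`, and the values it accepts.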
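Review bot: the `MODULE_PARM_DESC` text in the cifsfs.c hunk at @@ -83 repeats the commit message's rationale rather than describing what the parameter does; `modinfo` readers want a one-line description, e.g. `"Disable use of the legacy CIFS/SMB1 (vers=1.0) and SMB2.0 (vers=2.0) dialects on mount. Default: n/N/0"`. Separately, the parameter is registered with mode 0644, so root can write 0 back to the sysfs path at runtime just as easily as 1: this is a guardrail against accidentally mounting with a weaker dialect, not a lockdown against a privileged user, and that limit belongs in the description or the commit message.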
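Review bot: `extern bool disable_legacy_dialects;` in the connect.c hunk at @@ -61 adds a per-file extern for a global defined in cifsfs.c; placing the declaration in a shared cifs header instead would let the compiler check the definition against the declaration and avoid a second copy if another file later needs to consult the flag.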
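Review bot: the two `if (disable_legacy_dialects)` blocks in the connect.c hunk at @@ -1146 are identical, and the message `"mount with legacy dialect disabled\n"` names neither the dialect that was requested nor the setting that refused it. Logging the parsed `value` and the parameter name, e.g. `cifs_dbg(VFS, "vers=%s refused: disable_legacy_dialects is set\n", value);`, gives an administrator who sees the mount fail a direct pointer to the knob, and the two cases can then share one check. Both paths `return 1` before `vol->ops` and `vol->vals` are assigned, so the caller of `cifs_parse_smb_version` should be confirmed to abort the mount on a nonzero return rather than continue with an unset `vol->ops`.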