From patchwork Thu May 24 08:23:25 2018
X-Patchwork-Submitter: Steve French
X-Patchwork-Id: 10423091
From: Steve French
Date: Thu, 24 May 2018 03:23:25 -0500
Subject: [PATCH] cifs: allow disabling less secure legacy dialects
To: CIFS
X-Mailing-List: linux-cifs@vger.kernel.org

To improve security it may be helpful to have additional ways to restrict the ability to override the default dialects (SMB2.1, SMB3 and SMB3.02) on mount with old dialects (CIFS/SMB1 and SMB2) since vers=1.0 (CIFS/SMB1) and vers=2.0 are weaker and less secure.

Add a module parameter "disable_legacy_dialects" (/sys/module/cifs/parameters/disable_legacy_dialects) which can be set to 1 (or equivalently Y) to forbid use of vers=1.0 or vers=2.0 on mount.
Signed-off-by: Steve French
---
 fs/cifs/cifsfs.c  | 10 ++++++++++
 fs/cifs/connect.c |  9 +++++++++
 2 files changed, 19 insertions(+)

From 2f27b516cd32b40a2a7d5cb04d28bcc83c29066b Mon Sep 17 00:00:00 2001
From: Steve French
Date: Thu, 24 May 2018 03:14:56 -0500
Subject: [PATCH] cifs: allow disabling less secure legacy dialects

diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c index c49d4a681017..600220388f0d 100644 --- a/fs/cifs/cifsfs.c +++ b/fs/cifs/cifsfs.c @@ -58,6 +58,7 @@ bool traceSMB; bool enable_oplocks = true; bool linuxExtEnabled = true; bool lookupCacheEnabled = true; +bool disable_legacy_dialects; /* false by default */ unsigned int global_secflags = CIFSSEC_DEF; /* unsigned int ntlmv2_support = 0; */ unsigned int sign_CIFS_PDUs = 1;
@@ -83,6 +84,15 @@ MODULE_PARM_DESC(cifs_max_pending, "Simultaneous requests to server for " module_param(enable_oplocks, bool, 0644); MODULE_PARM_DESC(enable_oplocks, "Enable or disable oplocks. Default: y/Y/1"); +module_param(disable_legacy_dialects, bool, 0644); +MODULE_PARM_DESC(disable_legacy_dialects, "To improve security it may be " + "helpful to restrict the ability to " + "override the default dialects (SMB2.1, " + "SMB3 and SMB3.02) on mount with old " + "dialects (CIFS/SMB1 and SMB2) since " + "vers=1.0 (CIFS/SMB1) and vers=2.0 are weaker" + " and less secure. Default: n/N/0"); + extern mempool_t *cifs_sm_req_poolp; extern mempool_t *cifs_req_poolp; extern mempool_t *cifs_mid_poolp; diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 83b0234d443c..ed3b6de88395 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -61,6 +61,7 @@ #define RFC1001_PORT 139 extern mempool_t *cifs_req_poolp; +extern bool disable_legacy_dialects; /* FIXME: should these be tunable? */ #define TLINK_ERROR_EXPIRE (1 * HZ) @@ -1146,10 +1147,18 @@ cifs_parse_smb_version(char *value, struct smb_vol *vol) switch (match_token(value, cifs_smb_version_tokens, args)) { case Smb_1: + if (disable_legacy_dialects) { + cifs_dbg(VFS, "mount with legacy dialect disabled\n"); + return 1; + } vol->ops = &smb1_operations; vol->vals = &smb1_values; break; case Smb_20: + if (disable_legacy_dialects) { + cifs_dbg(VFS, "mount with legacy dialect disabled\n"); + return 1; + } vol->ops = &smb20_operations; vol->vals = &smb20_values; break; -- 2.17.0
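Review bot: The MODULE_PARM_DESC in the cifsfs.c @@ -83,6 +84,15 @@ hunk repeats the commit-message rationale instead of saying what the knob does, which makes the modinfo output long and hard to scan; a one-line description such as "Disable less secure legacy dialects (vers=1.0 and vers=2.0) on mount. Default: n/N/0" would read better. It is also worth stating there that the check runs when vers= is parsed, so flipping the 0644 parameter at runtime through /sys/module/cifs/parameters/disable_legacy_dialects only affects new mounts and leaves shares already mounted with a legacy dialect untouched; an operator hardening a host needs to know that a remount is required.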
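Review bot: The connect.c @@ -61,6 +61,7 @@ hunk re-declares the new global with a file-local extern, so the definition in cifsfs.c and this declaration can drift apart in type without the compiler noticing. The other cifsfs.c globals shown in the first hunk (enable_oplocks, lookupCacheEnabled) are declared in the shared header cifsglob.h; suggest putting `extern bool disable_legacy_dialects;` there as well and dropping the extern from connect.c.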
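Review bot: In the connect.c @@ -1146,10 +1147,18 @@ hunk the same four-line check is pasted into both the Smb_1 and Smb_20 cases; hoisting it into a single test before the switch, or a small helper that takes the token, avoids the duplication and makes it harder to forget when another dialect is later classed as legacy. The message "mount with legacy dialect disabled\n" also gives an administrator nothing to act on: including the rejected value and the parameter name, for example `cifs_dbg(VFS, "vers=%s is disabled by disable_legacy_dialects\n", value);`, lets a failed mount be traced to this knob in the kernel log rather than misread as a server-side negotiation problem. Finally, please confirm that the caller of cifs_parse_smb_version treats this `return 1` as a hard mount failure rather than falling through to the default dialect; a hardening parameter that quietly turns a rejection into a different negotiation would surprise operators.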