From 91676334dd7d621651016b18a7fc51a1ea785731 Mon Sep 17 00:00:00 2001
From: Anna Platash
Date: Wed, 14 Oct 2020 10:19:03 +0200
Subject: Allow for negotiation of higher SMB version SMB 3.1.1 provides more secure authentication. vers=3 is preferred over vers=3.0 as it automatically negotiates 3.0 or 3.0.2 dialects, if available from server. While the vers=3.0 uses only 3.0. Fallback scheme: try vers=3.1.1 if fails - try vers=3 if fails - unrecoverable error path Tested: Manually on ArcherCity. Mounting .iso image in legacy mode (smb), using RedFish interface.
Change-Id: Ief224353079f1b7200011a00b8d5c482f57f844e
Signed-off-by: Anna Platash
---
 src/smb.hpp | 41 +++++++++++++++++++++++++++++++----------
 1 file changed, 31 insertions(+), 10 deletions(-)
diff --git a/src/smb.hpp b/src/smb.hpp
index 4860d37..a1caf89 100644
--- a/src/smb.hpp
+++ b/src/smb.hpp
@@ -22,12 +22,11 @@ class SmbShare
 {
 LogMsg(Logger::Debug, "Trying to mount remote : ", remote);
- const std::string params = "nolock,sec=ntlmsspi,seal,vers=3.0";
+ const std::string params = "nolock,sec=ntlmsspi,seal";
 const std::string perm = rw ? "rw" : "ro";
- auto options = params + "," + perm;
- LogMsg(Logger::Debug, "Mounting with options: ", options);
-
+ std::string options = params + "," + perm;
 std::string credentialsOpt;
+
 if (!credentials)
 {
 LogMsg(Logger::Info, "Mounting as Guest");
@@ -39,25 +38,47 @@ class SmbShare
 credentialsOpt = "user=" + credentials->user() + ",password=" + credentials->password();
 }
- options += "," + credentialsOpt;
- auto ec = ::mount(remote.c_str(), mountDir.c_str(), "cifs", 0,
- options.c_str());
+ std::string versionOpt = "vers=3.1.1";
+ auto ec = mountWithSmbVers(remote, options, versionOpt);
+
+ if (ec)
+ {
+ // vers=3 will negotiate max version from 3.02 and 3.0
+ versionOpt = "vers=3";
+ ec = mountWithSmbVers(remote, options, versionOpt);
+ }
 utils::secureCleanup(options);
 utils::secureCleanup(credentialsOpt);
 if (ec)
 {
- LogMsg(Logger::Error, "Mount failed with ec = ", ec,
- " errno = ", errno);
 return false;
 }
-
 return true;
 }
 private:
 std::string mountDir;
+
+ int mountWithSmbVers(const fs::path& remote, std::string options,
+ const std::string& version)
+ {
+ options += "," + version;
+ LogMsg(Logger::Debug, "Mounting with options: ", options);
+
+ auto ec = ::mount(remote.c_str(), mountDir.c_str(), "cifs", 0,
+ options.c_str());
+ utils::secureCleanup(options);
+
+ if (ec)
+ {
+ LogMsg(Logger::Info, "Mount failed for ", version,
+ " with ec = ", ec, " errno = ", errno);
+ }
+
+ return ec;
+ }
 };
-- 
cgit v1.2.3
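Review bot: The removed `options += "," + credentialsOpt;` has no replacement on the new side, and nothing in either hunk adds it back, so `credentialsOpt` is built and wiped but never reaches `::mount()`; both attempts appear to go out without the guest or user/password option. Once the append is restored, the Debug line in `mountWithSmbVers` must not print `options`, because at that point the string carries the password (the old log call ran before the credentials were added); logging `version` alone is enough. The retry with `vers=3` also fires on any failure of the 3.1.1 attempt, including rejected credentials or an unreachable server, so the weaker dialects are reachable whenever the first attempt can be made to fail; consider retrying only on the errno the kernel reports for an unsupported dialect. That needs `errno` captured directly after `::mount()`, since `utils::secureCleanup(options)` currently runs between the call and the read, and the final failure is now reported only at Info level.

```cpp
// … unchanged: credentialsOpt filled in by the guest / user branch …
options += "," + credentialsOpt;
std::string versionOpt = "vers=3.1.1";
// … unchanged: both mount attempts and cleanup in mount() …

    options += "," + version;
    // options carries the password from here on: log the dialect only
    LogMsg(Logger::Debug, "Mounting with ", version);
    // … unchanged: ::mount() call …
    const int mountErrno = errno; // read before secureCleanup can change it
    utils::secureCleanup(options);
    // … unchanged: if (ec) …
        LogMsg(Logger::Info, "Mount failed for ", version,
               " with ec = ", ec, " errno = ", mountErrno);
```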