author | Anna Platash <anna.platash@intel.com> | 2020-10-14 11:19:03 +0300 |
---|---|---|
committer | Anna Platash <anna.platash@intel.com> | 2020-10-28 13:53:42 +0300 |
commit | 91676334dd7d621651016b18a7fc51a1ea785731 (patch) | |
tree | 164e7a8f8079f496fa7d7832f315897afdb90e0d | |
parent | 98a31fc5be01cbf29dbcd61a77c33f3c7777ea74 (diff) | |
Allow for negotiation of higher SMB version
SMB 3.1.1 provides more secure authentication.
vers=3 is preferred over vers=3.0 because it automatically
negotiates the 3.0 or 3.0.2 dialect, if available from the server,
whereas vers=3.0 uses only 3.0.
Fallback scheme:
try vers=3.1.1
if fails - try vers=3
if fails - unrecoverable error path
Tested:
Manually on ArcherCity. Mounting .iso image in legacy mode (smb),
using RedFish interface.
Change-Id: Ief224353079f1b7200011a00b8d5c482f57f844e
Signed-off-by: Anna Platash <anna.platash@intel.com>
-rw-r--r-- | src/smb.hpp | 41 |
1 files changed, 31 insertions, 10 deletions
diff --git a/src/smb.hpp b/src/smb.hpp index 4860d37..a1caf89 100644 --- a/src/smb.hpp +++ b/src/smb.hpp @@ -22,12 +22,11 @@ class SmbShare { LogMsg(Logger::Debug, "Trying to mount remote : ", remote); - const std::string params = "nolock,sec=ntlmsspi,seal,vers=3.0"; + const std::string params = "nolock,sec=ntlmsspi,seal"; const std::string perm = rw ? "rw" : "ro"; - auto options = params + "," + perm; - LogMsg(Logger::Debug, "Mounting with options: ", options); - + std::string options = params + "," + perm; std::string credentialsOpt; + if (!credentials) { LogMsg(Logger::Info, "Mounting as Guest"); @@ -39,25 +38,47 @@ class SmbShare credentialsOpt = "user=" + credentials->user() + ",password=" + credentials->password(); } - options += "," + credentialsOpt; - auto ec = ::mount(remote.c_str(), mountDir.c_str(), "cifs", 0, - options.c_str()); + std::string versionOpt = "vers=3.1.1"; + auto ec = mountWithSmbVers(remote, options, versionOpt); + + if (ec) + { + // vers=3 will negotiate max version from 3.02 and 3.0 + versionOpt = "vers=3"; + ec = mountWithSmbVers(remote, options, versionOpt); + } utils::secureCleanup(options); utils::secureCleanup(credentialsOpt); if (ec) { - LogMsg(Logger::Error, "Mount failed with ec = ", ec, - " errno = ", errno); return false; } - return true; } private: std::string mountDir; + + int mountWithSmbVers(const fs::path& remote, std::string options, + const std::string& version) + { + options += "," + version; + LogMsg(Logger::Debug, "Mounting with options: ", options); + + auto ec = ::mount(remote.c_str(), mountDir.c_str(), "cifs", 0, + options.c_str()); + utils::secureCleanup(options); + + if (ec) + { + LogMsg(Logger::Info, "Mount failed for ", version, + " with ec = ", ec, " errno = ", errno); + } + + return ec; + } }; |
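Review bot: The new `LogMsg(Logger::Debug, "Mounting with options: ", options)` in `mountWithSmbVers` runs on the fully assembled option string, so if `options` carries `credentialsOpt` at that point the `password=` value is written to the debug log on every attempt, whereas the removed log line ran before credentials were appended. Logging only the dialect avoids this: `LogMsg(Logger::Debug, "Mounting with ", version);`. The page collapses the hunk, so it is not certain whether `options += "," + credentialsOpt;` is kept or dropped; if it is dropped, `credentialsOpt` is built and wiped but never reaches `::mount`, which is worth checking against the real file. The retry with `vers=3` also fires on any failure rather than only on a refused dialect, so a wrong password is presented twice and a server that fails the 3.1.1 attempt is silently given the older dialect; consider gating the fallback on `errno`, saved immediately after `::mount` and before `utils::secureCleanup(options)` can overwrite it. The body of `mount()` starts above the hunk, so the guest branch and the function signature were not reviewed.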