mount.cifs fails to honor vers 1.0 dialect ?

[nsauzede]

Describe the bug
I noticed a mount.cifs missing feature bug (or maybe a security feature rather than a bug ?)
I can't mount an old cifs server (dialect 1.0) when I can on ubuntu18.10 (same mount.cifs version)
dmesg reports that we must specify the mount.cifs option "vers=1.0" (same as required on Ubuntu18.10),
but when we do so, we get an EINVAL

To Reproduce
Steps to reproduce the behavior:
On CLR :

$ sudo mount.cifs -V
mount.cifs version: 6.8
$ uname -a
Linux clr-nsauzede-MOBL4 4.20.7-694.native #1 SMP Thu Feb 7 00:53:34 UTC 2019 x86_64 GNU/Linux
$ sudo mount.cifs //old.cifs.server/vers1.0 mnt -o "domain=GER,user=nsauzede,password="
mount error(112): Host is down
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
$ sudo dmesg -c
[ 2748.812978] CIFS: Attempting to mount //old.cifs.server/vers1.0
[ 2748.812999] No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3 (or SMB2.1) specify vers=1.0 on mount.
$ sudo mount.cifs //old.cifs.server/vers1.0 mnt -o "domain=GER,user=nsauzede,password=,vers=1.0"
mount error(22): Invalid argument
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
$ sudo dmesg -c
[ 2637.892366] CIFS: Attempting to mount //old.cifs.server/vers1.0

Expected behavior
On Ubuntu18.10 :

$ sudo mount.cifs -V
mount.cifs version: 6.8
$ uname -a
Linux nsauzede-MOBL4 4.18.0-15-generic #16-Ubuntu SMP Thu Feb 7 10:56:39 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
$ sudo mount.cifs //old.cifs.server/vers1.0 mnt -o "domain=GER,user=nsauzede,password="
mount error(112): Host is down
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
$ sudo dmesg -c
[ 1064.895247] No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3 (or SMB2.1) specify vers=1.0 on mount.
[ 1065.374863] CIFS VFS: cifs_mount failed w/return code = -112
$ sudo mount.cifs //old.cifs.server/vers1.0 mnt -o "domain=GER,user=nsauzede,password=,vers=1.0"
$ sudo dmesg -c
$

Screenshots
N/A

Environment (please complete the following information):

• Clear Linux OS version: [cat /usr/lib/os-release]
  NAME="Clear Linux OS"
  VERSION=1
  ID=clear-linux-os
  ID_LIKE=clear-linux-os
  VERSION_ID=27700
  PRETTY_NAME="Clear Linux OS"
  ANSI_COLOR="1;35"
  HOME_URL="https://clearlinux.org"
  SUPPORT_URL="https://clearlinux.org"
  BUG_REPORT_URL="mailto:dev@lists.clearlinux.org"
  PRIVACY_POLICY_URL="http://www.intel.com/privacy"
• Bundles: [e.g. sudo swupd bundle-list]
  acpica-unix2
  alsa-utils
  ansible
  binutils
  bison
  bootloader
  c-basic
  cloud-api
  cloud-control
  clr-installer
  containers-basic
  curl
  desktop
  desktop-apps
  desktop-assets
  desktop-autostart
  desktop-gnomelibs
  desktop-locales
  diffutils
  dosfstools
  doxygen
  editors
  emacs
  ethtool
  file
  findutils
  firefox
  flex
  fonts-basic
  fuse
  fwupdate
  gdb
  git
  go-basic
  gzip
  htop
  ipmitool
  iproute2
  irssi
  java-basic
  joe
  kbd
  kernel-install
  kernel-native
  kvm-host
  less
  libX11client
  libva-utils
  llvm
  locales
  make
  nasm
  network-basic
  nfs-utils
  nginx
  openssh-server
  openssl
  os-core
  os-core-update
  os-core-webproxy
  p11-kit
  parallel
  patch
  perl-basic
  pmdk
  powertop
  pxe-server
  python2-basic
  python3-basic
  smartmontools
  storage-utils
  strace
  sudo
  sysadmin-basic
  sysadmin-hostmgmt
  telemetrics
  thermal_daemon
  tmux
  tzdata
  unzip
  valgrind
  vim
  weechat
  which
  wpa_supplicant
  x11-server
  xemacs
  xfsprogs
  xterm
  xz
  zip
  znc
  zstd

Additional context
Running CLR in a Virtualbox VM, but also running said Ubuntu18.10 in same kind of Virtualbox VM
(both see the same network, standard NAT of course)

[nesiusra]

@ahkok - thoughts on this? Might support for CIFS 1.0 be something turned off for security reasons?

[ahkok]

from man mount.cifs:

       vers=arg
              SMB protocol version. Allowed values are:

              • 1.0 - The classic CIFS/SMBv1 protocol.

              • 2.0 - The SMBv2.002 protocol. This was initially introduced in  Windows  Vista
                Service Pack 1, and Windows Server 2008. Note that the initial release version
                of Windows Vista spoke a slightly different dialect (2.000) that is  not  sup‐
                ported.

              • 2.1 - The SMBv2.1 protocol that was introduced in Microsoft Windows 7 and Win‐
                dows Server 2008R2.

              • 3.0 - The SMBv3.0 protocol that was introduced in Microsoft Windows 8 and Win‐
                dows Server 2012.

              • 3.1.1  or  3.11 - The SMBv3.1.1 protocol that was introduced in Microsoft Win‐
                dows Server 2016.

              Note too that while this option governs the protocol version used, not all  fea‐
              tures of each version are available.

              The  default since v4.13.5 is for the client and server to negotiate the highest
              possible version greater than or equal to 2.1. In kernels prior  to  v4.13,  the
              default was 1.0. For kernels between v4.13 and v4.13.5 the default is 3.0.

[ahkok]

Our kernel has CONFIG_CIFS_ALLOW_INSECURE_LEGACY disabled. The kernel recommends disabling this option because the SMB1 protocol is insecure.

You would have to recompile the kernel to enable it yourself. We can no longer enable this option by default.