[PATCHES] param: Change default of 'client max protocol' to SMB3_11

Wed Nov 18 19:48:01 UTC 2015

On Wed, Nov 18, 2015 at 10:41:56AM -0800, Jeremy Allison wrote:
> On Wed, Nov 18, 2015 at 11:37:03AM -0700, Christof Schmitt wrote:
> > docs-xml/smbdotconf/protocol/clientmaxprotocol.xml documents the current
> > config:
> > 
> >     <para>The value <constant>default</constant> refers to the default protocol in each
> >     part of the code, currently <constant>NT1</constant> in the client tools and
> >     <constant>SMB3_02</constant> in winbindd.</para>
> > 
> > Is there a reason why the default of client tools is limited to only
> > NT1? With newer Windows server having the option of disabling SMB1
> > support, should we change the default to also negotiate higher protocol
> > dialects?
> 
> Yep. Move to SMB3 I think.

See attached patches.

Christof
-------------- next part --------------
From e1aa692a907b645e084a3a5a4c317bd21da7ddd4 Mon Sep 17 00:00:00 2001
From: Christof Schmitt <cs at samba.org>
Date: Wed, 18 Nov 2015 12:26:13 -0700
Subject: [PATCH 1/4] param: Change default of 'client max protocol' to SMB3_11

This allows client tools to connect to SMB2/3-only servers without
changing the default config.

Signed-off-by: Christof Schmitt <cs at samba.org>
---
 docs-xml/smbdotconf/protocol/clientmaxprotocol.xml |    5 +----
 lib/param/loadparm.c                               |    2 +-
 source3/param/loadparm.c                           |    2 +-
 3 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml b/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml
index 240ba1a..d39d219 100644
--- a/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml
+++ b/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml
@@ -79,14 +79,11 @@
     negotiation phase in the SMB protocol takes care of choosing 
     the appropriate protocol.</para>
 
-    <para>The value <constant>default</constant> refers to the default protocol in each
-    part of the code, currently <constant>NT1</constant> in the client tools and
-    <constant>SMB3_02</constant> in winbindd.</para>
 </description>
 
 <related>server max protocol</related>
 <related>client min protocol</related>
 
-<value type="default">default</value>
+<value type="default">SMB3_11</value>
 <value type="example">LANMAN1</value>
 </samba:parameter>
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 640c602..91f84ba 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -2535,7 +2535,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
 	lpcfg_do_global_parameter(lp_ctx, "server min protocol", "LANMAN1");
 	lpcfg_do_global_parameter(lp_ctx, "server max protocol", "SMB3");
 	lpcfg_do_global_parameter(lp_ctx, "client min protocol", "CORE");
-	lpcfg_do_global_parameter(lp_ctx, "client max protocol", "default");
+	lpcfg_do_global_parameter(lp_ctx, "client max protocol", "SMB3");
 	lpcfg_do_global_parameter(lp_ctx, "security", "AUTO");
 	lpcfg_do_global_parameter(lp_ctx, "EncryptPasswords", "True");
 	lpcfg_do_global_parameter(lp_ctx, "ReadRaw", "True");
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 9f40e65..9718b55 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -640,7 +640,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
 	Globals.max_open_files = max_open_files();
 	Globals.server_max_protocol = PROTOCOL_SMB3_11;
 	Globals.server_min_protocol = PROTOCOL_LANMAN1;
-	Globals._client_max_protocol = PROTOCOL_DEFAULT;
+	Globals._client_max_protocol = PROTOCOL_SMB3_11;
 	Globals.client_min_protocol = PROTOCOL_CORE;
 	Globals._security = SEC_AUTO;
 	Globals.encrypt_passwords = true;
-- 
1.7.1


From c9ed2d71f16026ab3d877887b4443fe2c3296105 Mon Sep 17 00:00:00 2001
From: Christof Schmitt <cs at samba.org>
Date: Wed, 18 Nov 2015 12:28:19 -0700
Subject: [PATCH 2/4] param: Remove special handling for winbindd max protocol

Signed-off-by: Christof Schmitt <cs at samba.org>
---
 source3/include/proto.h        |    1 -
 source3/param/loadparm.c       |    9 ---------
 source3/winbindd/winbindd_cm.c |    2 +-
 3 files changed, 1 insertions(+), 11 deletions(-)

diff --git a/source3/include/proto.h b/source3/include/proto.h
index 9dd08fb..b500e62 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -980,7 +980,6 @@ const char *lp_idmap_backend(const char *domain_name);
 const char *lp_idmap_default_backend (void);
 int lp_security(void);
 int lp_client_max_protocol(void);
-int lp_winbindd_max_protocol(void);
 int lp_smb2_max_credits(void);
 int lp_cups_encrypt(void);
 bool lp_widelinks(int );
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 9718b55..3ac8d1e 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -4398,15 +4398,6 @@ int lp_client_max_protocol(void)
 	return client_max_protocol;
 }
 
-int lp_winbindd_max_protocol(void)
-{
-	int client_max_protocol = lp__client_max_protocol();
-	if (client_max_protocol == PROTOCOL_DEFAULT) {
-		return PROTOCOL_LATEST;
-	}
-	return client_max_protocol;
-}
-
 struct loadparm_global * get_globals(void)
 {
 	return &Globals;
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 716fa5a..6ce4499 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -1050,7 +1050,7 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain,
 
 	result = smbXcli_negprot((*cli)->conn, (*cli)->timeout,
 				 lp_client_min_protocol(),
-				 lp_winbindd_max_protocol());
+				 lp_client_max_protocol());
 
 	if (!NT_STATUS_IS_OK(result)) {
 		DEBUG(1, ("cli_negprot failed: %s\n", nt_errstr(result)));
-- 
1.7.1


From 4df9699d85467b2026bb26187512edf4f56b6a33 Mon Sep 17 00:00:00 2001
From: Christof Schmitt <cs at samba.org>
Date: Wed, 18 Nov 2015 12:33:03 -0700
Subject: [PATCH 3/4] param: Remove special handling for PROTOCOL_DEFAULT

Signed-off-by: Christof Schmitt <cs at samba.org>
---
 docs-xml/smbdotconf/protocol/clientmaxprotocol.xml |    1 -
 lib/param/loadparm.c                               |    9 ---------
 source3/include/proto.h                            |    1 -
 source3/param/loadparm.c                           |   11 +----------
 source4/param/loadparm.c                           |    2 +-
 5 files changed, 2 insertions(+), 22 deletions(-)

diff --git a/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml b/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml
index d39d219..e3f5f74 100644
--- a/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml
+++ b/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml
@@ -1,7 +1,6 @@
 <samba:parameter name="client max protocol"
                  context="G"
                  type="enum"
-                 function="_client_max_protocol"
                  enumlist="enum_protocol"
                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
 <description>
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 91f84ba..3d901fc 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -3228,15 +3228,6 @@ int lpcfg_security(struct loadparm_context *lp_ctx)
 				lpcfg__security(lp_ctx));
 }
 
-int lpcfg_client_max_protocol(struct loadparm_context *lp_ctx)
-{
-	int client_max_protocol = lpcfg__client_max_protocol(lp_ctx);
-	if (client_max_protocol == PROTOCOL_DEFAULT) {
-		return PROTOCOL_NT1;
-	}
-	return client_max_protocol;
-}
-
 bool lpcfg_server_signing_allowed(struct loadparm_context *lp_ctx, bool *mandatory)
 {
 	bool allowed = true;
diff --git a/source3/include/proto.h b/source3/include/proto.h
index b500e62..d1177f7 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -979,7 +979,6 @@ bool lp_idmap_default_range(uint32_t *low, uint32_t *high);
 const char *lp_idmap_backend(const char *domain_name);
 const char *lp_idmap_default_backend (void);
 int lp_security(void);
-int lp_client_max_protocol(void);
 int lp_smb2_max_credits(void);
 int lp_cups_encrypt(void);
 bool lp_widelinks(int );
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 3ac8d1e..cc90231 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -640,7 +640,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
 	Globals.max_open_files = max_open_files();
 	Globals.server_max_protocol = PROTOCOL_SMB3_11;
 	Globals.server_min_protocol = PROTOCOL_LANMAN1;
-	Globals._client_max_protocol = PROTOCOL_SMB3_11;
+	Globals.client_max_protocol = PROTOCOL_SMB3_11;
 	Globals.client_min_protocol = PROTOCOL_CORE;
 	Globals._security = SEC_AUTO;
 	Globals.encrypt_passwords = true;
@@ -4389,15 +4389,6 @@ int lp_security(void)
 				lp__security());
 }
 
-int lp_client_max_protocol(void)
-{
-	int client_max_protocol = lp__client_max_protocol();
-	if (client_max_protocol == PROTOCOL_DEFAULT) {
-		return PROTOCOL_NT1;
-	}
-	return client_max_protocol;
-}
-
 struct loadparm_global * get_globals(void)
 {
 	return &Globals;
diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c
index af3313f..529c828 100644
--- a/source4/param/loadparm.c
+++ b/source4/param/loadparm.c
@@ -40,7 +40,7 @@ void lpcfg_smbcli_options(struct loadparm_context *lp_ctx,
 	options->signing = lpcfg_client_signing(lp_ctx);
 	options->request_timeout = SMB_REQUEST_TIMEOUT;
 	options->ntstatus_support = lpcfg_nt_status_support(lp_ctx);
-	options->max_protocol = lpcfg__client_max_protocol(lp_ctx);
+	options->max_protocol = lpcfg_client_max_protocol(lp_ctx);
 	options->unicode = lpcfg_unicode(lp_ctx);
 	options->use_oplocks = true;
 	options->use_level2_oplocks = true;
-- 
1.7.1


From fe75d528301c1e6a65736d162050f5c6ff911ae9 Mon Sep 17 00:00:00 2001
From: Christof Schmitt <cs at samba.org>
Date: Wed, 18 Nov 2015 12:17:35 -0700
Subject: [PATCH 4/4] WHATSNEW: Document new setting of 'client max protocol'

Signed-off-by: Christof Schmitt <cs at samba.org>
---
 WHATSNEW.txt |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 53f7860..1527744 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -40,6 +40,7 @@ smb.conf changes
   Parameter Name		Description		Default
   --------------		-----------		-------
   aio max threads               New                     100
+  client max protocol           Changed                 SMB3_11
 
 CTDB changes
 ------------
-- 
1.7.1

