[PATCHES] param: Change default of 'client max protocol' to SMB3_11
Christof Schmitt
cs at samba.org
Thu Nov 19 04:55:49 UTC 2015
On Wed, Nov 18, 2015 at 04:34:07PM -0800, Jeremy Allison wrote:
> On Wed, Nov 18, 2015 at 04:28:17PM -0800, Jeremy Allison wrote:
> > On Wed, Nov 18, 2015 at 03:19:01PM -0800, Jeremy Allison wrote:
> > > On Wed, Nov 18, 2015 at 12:48:01PM -0700, Christof Schmitt wrote:
> > > > On Wed, Nov 18, 2015 at 10:41:56AM -0800, Jeremy Allison wrote:
> > > > > On Wed, Nov 18, 2015 at 11:37:03AM -0700, Christof Schmitt wrote:
> > > > > > docs-xml/smbdotconf/protocol/clientmaxprotocol.xml documents the current
> > > > > > config:
> > > > > >
> > > > > > <para>The value <constant>default</constant> refers to the default protocol in each
> > > > > > part of the code, currently <constant>NT1</constant> in the client tools and
> > > > > > <constant>SMB3_02</constant> in winbindd.</para>
> > > > > >
> > > > > > Is there a reason why the default of client tools is limited to only
> > > > > > NT1? With newer Windows server having the option of disabling SMB1
> > > > > > support, should we change the default to also negotiate higher protocol
> > > > > > dialects?
> > > > >
> > > > > Yep. Move to SMB3 I think.
> > > >
> > > > See attached patches.
> > >
> > > LGTM. Pushed.
> >
> > Hmmm. Breaks make test
>
> Oh, I see why. There are many smbclient tests (for example
> samba3.smbtorture_s3.plain(nt4_dc).FDPASS
> that are expecting SMB1 semantics that will fail once
> the default becomes SMB3.
>
> We need to either change the provisioning smb.conf to
> add a 'client max protocol = NT1' or add a -mNT1 to
> each of these test invocations.
>
> Not so simple, sorry.
Just wondering: If the test really requires SMB1, then that protocol
version should be hardcoded in the test. I can take a closer look at
these failures.
Christof
>
> > From 608c3db837af46239caa0334d9abebf81247d721 Mon Sep 17 00:00:00 2001
> > From: Christof Schmitt <cs at samba.org>
> > Date: Wed, 18 Nov 2015 12:26:13 -0700
> > Subject: [PATCH 1/4] param: Change default of 'client max protocol' to SMB3
> >
> > This allows client tools to connect to SMB2/3-only servers without
> > changing the default config.
> >
> > Signed-off-by: Christof Schmitt <cs at samba.org>
> > Reviewed-by: Jeremy Allison <jra at samba.org>
> > ---
> > docs-xml/smbdotconf/protocol/clientmaxprotocol.xml | 5 +----
> > lib/param/loadparm.c | 2 +-
> > source3/param/loadparm.c | 2 +-
> > 3 files changed, 3 insertions(+), 6 deletions(-)
> >
> > diff --git a/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml b/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml
> > index 240ba1a..4e8a017 100644
> > --- a/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml
> > +++ b/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml
> > @@ -79,14 +79,11 @@
> > negotiation phase in the SMB protocol takes care of choosing
> > the appropriate protocol.</para>
> >
> > - <para>The value <constant>default</constant> refers to the default protocol in each
> > - part of the code, currently <constant>NT1</constant> in the client tools and
> > - <constant>SMB3_02</constant> in winbindd.</para>
> > </description>
> >
> > <related>server max protocol</related>
> > <related>client min protocol</related>
> >
> > -<value type="default">default</value>
> > +<value type="default">SMB3</value>
> > <value type="example">LANMAN1</value>
> > </samba:parameter>
> > diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
> > index 640c602..91f84ba 100644
> > --- a/lib/param/loadparm.c
> > +++ b/lib/param/loadparm.c
> > @@ -2535,7 +2535,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
> > lpcfg_do_global_parameter(lp_ctx, "server min protocol", "LANMAN1");
> > lpcfg_do_global_parameter(lp_ctx, "server max protocol", "SMB3");
> > lpcfg_do_global_parameter(lp_ctx, "client min protocol", "CORE");
> > - lpcfg_do_global_parameter(lp_ctx, "client max protocol", "default");
> > + lpcfg_do_global_parameter(lp_ctx, "client max protocol", "SMB3");
> > lpcfg_do_global_parameter(lp_ctx, "security", "AUTO");
> > lpcfg_do_global_parameter(lp_ctx, "EncryptPasswords", "True");
> > lpcfg_do_global_parameter(lp_ctx, "ReadRaw", "True");
> > diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
> > index 9f40e65..9718b55 100644
> > --- a/source3/param/loadparm.c
> > +++ b/source3/param/loadparm.c
> > @@ -640,7 +640,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
> > Globals.max_open_files = max_open_files();
> > Globals.server_max_protocol = PROTOCOL_SMB3_11;
> > Globals.server_min_protocol = PROTOCOL_LANMAN1;
> > - Globals._client_max_protocol = PROTOCOL_DEFAULT;
> > + Globals._client_max_protocol = PROTOCOL_SMB3_11;
> > Globals.client_min_protocol = PROTOCOL_CORE;
> > Globals._security = SEC_AUTO;
> > Globals.encrypt_passwords = true;
> > --
> > 2.6.0.rc2.230.g3dd15c0
> >
> >
> > From 7dce3b7f63ba442a4203b2951b521096bb98c062 Mon Sep 17 00:00:00 2001
> > From: Christof Schmitt <cs at samba.org>
> > Date: Wed, 18 Nov 2015 12:28:19 -0700
> > Subject: [PATCH 2/4] param: Remove special handling for winbindd max protocol
> >
> > Signed-off-by: Christof Schmitt <cs at samba.org>
> > Reviewed-by: Jeremy Allison <jra at samba.org>
> > ---
> > source3/include/proto.h | 1 -
> > source3/param/loadparm.c | 9 ---------
> > source3/winbindd/winbindd_cm.c | 2 +-
> > 3 files changed, 1 insertion(+), 11 deletions(-)
> >
> > diff --git a/source3/include/proto.h b/source3/include/proto.h
> > index 9dd08fb..b500e62 100644
> > --- a/source3/include/proto.h
> > +++ b/source3/include/proto.h
> > @@ -980,7 +980,6 @@ const char *lp_idmap_backend(const char *domain_name);
> > const char *lp_idmap_default_backend (void);
> > int lp_security(void);
> > int lp_client_max_protocol(void);
> > -int lp_winbindd_max_protocol(void);
> > int lp_smb2_max_credits(void);
> > int lp_cups_encrypt(void);
> > bool lp_widelinks(int );
> > diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
> > index 9718b55..3ac8d1e 100644
> > --- a/source3/param/loadparm.c
> > +++ b/source3/param/loadparm.c
> > @@ -4398,15 +4398,6 @@ int lp_client_max_protocol(void)
> > return client_max_protocol;
> > }
> >
> > -int lp_winbindd_max_protocol(void)
> > -{
> > - int client_max_protocol = lp__client_max_protocol();
> > - if (client_max_protocol == PROTOCOL_DEFAULT) {
> > - return PROTOCOL_LATEST;
> > - }
> > - return client_max_protocol;
> > -}
> > -
> > struct loadparm_global * get_globals(void)
> > {
> > return &Globals;
> > diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
> > index 716fa5a..6ce4499 100644
> > --- a/source3/winbindd/winbindd_cm.c
> > +++ b/source3/winbindd/winbindd_cm.c
> > @@ -1050,7 +1050,7 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain,
> >
> > result = smbXcli_negprot((*cli)->conn, (*cli)->timeout,
> > lp_client_min_protocol(),
> > - lp_winbindd_max_protocol());
> > + lp_client_max_protocol());
> >
> > if (!NT_STATUS_IS_OK(result)) {
> > DEBUG(1, ("cli_negprot failed: %s\n", nt_errstr(result)));
> > --
> > 2.6.0.rc2.230.g3dd15c0
> >
> >
> > From b4f6ad71fd906783d100cb89f55526450f622671 Mon Sep 17 00:00:00 2001
> > From: Christof Schmitt <cs at samba.org>
> > Date: Wed, 18 Nov 2015 12:33:03 -0700
> > Subject: [PATCH 3/4] param: Remove special handling for PROTOCOL_DEFAULT
> >
> > Signed-off-by: Christof Schmitt <cs at samba.org>
> > Reviewed-by: Jeremy Allison <jra at samba.org>
> > ---
> > docs-xml/smbdotconf/protocol/clientmaxprotocol.xml | 1 -
> > lib/param/loadparm.c | 9 ---------
> > source3/include/proto.h | 1 -
> > source3/param/loadparm.c | 11 +----------
> > source4/param/loadparm.c | 2 +-
> > 5 files changed, 2 insertions(+), 22 deletions(-)
> >
> > diff --git a/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml b/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml
> > index 4e8a017..488f92b 100644
> > --- a/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml
> > +++ b/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml
> > @@ -1,7 +1,6 @@
> > <samba:parameter name="client max protocol"
> > context="G"
> > type="enum"
> > - function="_client_max_protocol"
> > enumlist="enum_protocol"
> > xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
> > <description>
> > diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
> > index 91f84ba..3d901fc 100644
> > --- a/lib/param/loadparm.c
> > +++ b/lib/param/loadparm.c
> > @@ -3228,15 +3228,6 @@ int lpcfg_security(struct loadparm_context *lp_ctx)
> > lpcfg__security(lp_ctx));
> > }
> >
> > -int lpcfg_client_max_protocol(struct loadparm_context *lp_ctx)
> > -{
> > - int client_max_protocol = lpcfg__client_max_protocol(lp_ctx);
> > - if (client_max_protocol == PROTOCOL_DEFAULT) {
> > - return PROTOCOL_NT1;
> > - }
> > - return client_max_protocol;
> > -}
> > -
> > bool lpcfg_server_signing_allowed(struct loadparm_context *lp_ctx, bool *mandatory)
> > {
> > bool allowed = true;
> > diff --git a/source3/include/proto.h b/source3/include/proto.h
> > index b500e62..d1177f7 100644
> > --- a/source3/include/proto.h
> > +++ b/source3/include/proto.h
> > @@ -979,7 +979,6 @@ bool lp_idmap_default_range(uint32_t *low, uint32_t *high);
> > const char *lp_idmap_backend(const char *domain_name);
> > const char *lp_idmap_default_backend (void);
> > int lp_security(void);
> > -int lp_client_max_protocol(void);
> > int lp_smb2_max_credits(void);
> > int lp_cups_encrypt(void);
> > bool lp_widelinks(int );
> > diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
> > index 3ac8d1e..cc90231 100644
> > --- a/source3/param/loadparm.c
> > +++ b/source3/param/loadparm.c
> > @@ -640,7 +640,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
> > Globals.max_open_files = max_open_files();
> > Globals.server_max_protocol = PROTOCOL_SMB3_11;
> > Globals.server_min_protocol = PROTOCOL_LANMAN1;
> > - Globals._client_max_protocol = PROTOCOL_SMB3_11;
> > + Globals.client_max_protocol = PROTOCOL_SMB3_11;
> > Globals.client_min_protocol = PROTOCOL_CORE;
> > Globals._security = SEC_AUTO;
> > Globals.encrypt_passwords = true;
> > @@ -4389,15 +4389,6 @@ int lp_security(void)
> > lp__security());
> > }
> >
> > -int lp_client_max_protocol(void)
> > -{
> > - int client_max_protocol = lp__client_max_protocol();
> > - if (client_max_protocol == PROTOCOL_DEFAULT) {
> > - return PROTOCOL_NT1;
> > - }
> > - return client_max_protocol;
> > -}
> > -
> > struct loadparm_global * get_globals(void)
> > {
> > return &Globals;
> > diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c
> > index af3313f..529c828 100644
> > --- a/source4/param/loadparm.c
> > +++ b/source4/param/loadparm.c
> > @@ -40,7 +40,7 @@ void lpcfg_smbcli_options(struct loadparm_context *lp_ctx,
> > options->signing = lpcfg_client_signing(lp_ctx);
> > options->request_timeout = SMB_REQUEST_TIMEOUT;
> > options->ntstatus_support = lpcfg_nt_status_support(lp_ctx);
> > - options->max_protocol = lpcfg__client_max_protocol(lp_ctx);
> > + options->max_protocol = lpcfg_client_max_protocol(lp_ctx);
> > options->unicode = lpcfg_unicode(lp_ctx);
> > options->use_oplocks = true;
> > options->use_level2_oplocks = true;
> > --
> > 2.6.0.rc2.230.g3dd15c0
> >
> >
> > From d113a503b5f0317da3c6af85f9578521646f7c65 Mon Sep 17 00:00:00 2001
> > From: Christof Schmitt <cs at samba.org>
> > Date: Wed, 18 Nov 2015 12:17:35 -0700
> > Subject: [PATCH 4/4] WHATSNEW: Document new setting of 'client max protocol'
> >
> > Signed-off-by: Christof Schmitt <cs at samba.org>
> > Reviewed-by: Jeremy Allison <jra at samba.org>
> > ---
> > WHATSNEW.txt | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/WHATSNEW.txt b/WHATSNEW.txt
> > index 53f7860..1527744 100644
> > --- a/WHATSNEW.txt
> > +++ b/WHATSNEW.txt
> > @@ -40,6 +40,7 @@ smb.conf changes
> > Parameter Name Description Default
> > -------------- ----------- -------
> > aio max threads New 100
> > + client max protocol Changed SMB3_11
> >
> > CTDB changes
> > ------------
> > --
> > 2.6.0.rc2.230.g3dd15c0
> >
>
More information about the samba-technical
mailing list