Fixing OSX remote arch detection

Jeremy Allison jra at samba.org
Wed Mar 2 18:22:56 UTC 2016


On Tue, Mar 01, 2016 at 04:00:40PM +0100, Ralph Boehme wrote:
> On Thu, Jan 14, 2016 at 11:48:20AM -0800, Justin Maggard wrote:
> > On Wed, Jan 13, 2016 at 11:53 PM, Volker Lendecke
> > <Volker.Lendecke at sernet.de> wrote:
> > > On Wed, Jan 13, 2016 at 05:43:33PM -0800, Justin Maggard wrote:
> > >> OSX has been getting detected as Vista, for a while now.  Fortunately,
> > >> it appears to advertise a unique protocol list, so we should be able to
> > >> detect it easily.  However, I was having trouble deciphering the cryptic
> > >> method of doing remote arch detection; so I gave up and rewrote it in a
> > >> way that I (and hopefully others) can understand more easily. :-)
> > >>
> > >> I tested locally on the various platforms I have handy (OSX El Capitan,
> > >> WinNT 4, Win10, Samba/smbclient, and CIFSFS), and did not find any
> > >> regressions.
> > >
> > > Does OS/X always start with a SMB1-style negprot? This would fall over
> > > if it eventually starts with just an SMB2 negprot.
> > >
> > 
> > Yes, I tried mounting a few different ways, and OSX always started
> > with a SMB1-style negprot.  I understand that if they change their SMB
> > client to skip SMB1 negprot (like CIFSFS does when specifying SMB2 or
> > 3), this will no longer work; but I don't know of an alternative.
> 
> tested & reviewed, can I get a second team member's review please?

Reviewed-by: Jeremy Allison <jra at samba.org>

Justin, here it is with your proper signed-on. Can
you confirm you're OK with this ?

Cheers,

	Jeremy
-------------- next part --------------
From 7449ddbb838e13d49983769fbace0b54896412d0 Mon Sep 17 00:00:00 2001
From: Justin Maggard <jmaggard10 at gmail.com>
Date: Wed, 2 Mar 2016 10:18:34 -0800
Subject: [PATCH 1/2] s3:smbd: rework negprot remote arch detection

Negprot remote arch detection is very cryptic.  Rework it so it's easier
to understand, and therefore more extensible, following the protocol table
in inline comments.  This also allows us to remove some hacks.

Signed-off-by: Justin Maggard <jmaggard10 at gmail.com>
Reviewed-by: Ralph Boehme <rb at sernet.de>
Reviewed-by: Jeremy Allison <jra at samba.org>
---
 libcli/smb/smb_constants.h  |   1 -
 source3/smbd/negprot.c      | 113 +++++++++++++++++++++++++-------------------
 source3/smbd/smb2_negprot.c |   9 +++-
 3 files changed, 73 insertions(+), 50 deletions(-)

diff --git a/libcli/smb/smb_constants.h b/libcli/smb/smb_constants.h
index c4cca15..563a574 100644
--- a/libcli/smb/smb_constants.h
+++ b/libcli/smb/smb_constants.h
@@ -309,7 +309,6 @@ enum csc_policy {
 #define FLAGS2_READ_PERMIT_EXECUTE     0x2000
 #define FLAGS2_32_BIT_ERROR_CODES      0x4000
 #define FLAGS2_UNICODE_STRINGS         0x8000
-#define FLAGS2_WIN2K_SIGNATURE         0xC852 /* Hack alert ! For now... JRA. */
 
 /* FileAttributes (search attributes) field */
 #define FILE_ATTRIBUTE_READONLY		0x0001L
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index 83baeb1..9d4e523 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -467,16 +467,34 @@ protocol [LANMAN2.1]
   *  Win2K added by matty 17/7/99
   */
 
-#define ARCH_WFWG     0x3      /* This is a fudge because WfWg is like Win95 */
-#define ARCH_WIN95    0x2
-#define ARCH_WINNT    0x4
-#define ARCH_WIN2K    0xC      /* Win2K is like NT */
-#define ARCH_OS2      0x14     /* Again OS/2 is like NT */
-#define ARCH_SAMBA    0x20
-#define ARCH_CIFSFS   0x40
-#define ARCH_VISTA    0x8C     /* Vista is like XP/2K */
-
-#define ARCH_ALL      0x7F
+#define PROT_PC_NETWORK_PROGRAM_1_0		0x0001
+#define PROT_XENIX_CORE				0x0002
+#define PROT_MICROSOFT_NETWORKS_3_0		0x0004
+#define PROT_DOS_LM1_2X002			0x0008
+#define PROT_MICROSOFT_NETWORKS_1_03		0x0010
+#define PROT_DOS_LANMAN2_1			0x0020
+#define PROT_LANMAN1_0				0x0040
+#define PROT_WFWG				0x0080
+#define PROT_LM1_2X002				0x0100
+#define PROT_LANMAN2_1				0x0200
+#define PROT_NT_LM_0_12				0x0400
+#define PROT_SMB_2_001				0x0800
+#define PROT_SMB_2_002				0x1000
+#define PROT_SMB_2_FF				0x2000
+#define PROT_SAMBA				0x4000
+#define PROT_POSIX_2				0x8000
+
+#define ARCH_WFWG     ( PROT_PC_NETWORK_PROGRAM_1_0 | PROT_MICROSOFT_NETWORKS_3_0 | \
+			PROT_DOS_LM1_2X002 | PROT_DOS_LANMAN2_1 | PROT_WFWG )
+#define ARCH_WIN95    ( ARCH_WFWG | PROT_NT_LM_0_12 )
+#define ARCH_WINNT    ( PROT_PC_NETWORK_PROGRAM_1_0 | PROT_XENIX_CORE | \
+			PROT_MICROSOFT_NETWORKS_1_03 | PROT_LANMAN1_0 | PROT_WFWG | \
+			PROT_LM1_2X002 | PROT_LANMAN2_1 | PROT_NT_LM_0_12 )
+#define ARCH_WIN2K    ( ARCH_WINNT & ~(PROT_XENIX_CORE | PROT_MICROSOFT_NETWORKS_1_03) )
+#define ARCH_OS2      ( ARCH_WINNT & ~(PROT_MICROSOFT_NETWORKS_1_03 | PROT_WFWG) )
+#define ARCH_VISTA    ( ARCH_WIN2K | PROT_SMB_2_001 )
+#define ARCH_SAMBA    ( PROT_SAMBA )
+#define ARCH_CIFSFS   ( PROT_POSIX_2 )
 
 /* List of supported protocols, most desired first */
 static const struct {
@@ -510,7 +528,7 @@ void reply_negprot(struct smb_request *req)
 	int chosen_level = -1;
 	int protocol;
 	const char *p;
-	int arch = ARCH_ALL;
+	int protocols = 0;
 	int num_cliprotos;
 	char **cliprotos;
 	int i;
@@ -578,41 +596,46 @@ void reply_negprot(struct smb_request *req)
 	}
 
 	for (i=0; i<num_cliprotos; i++) {
-		if (strcsequal(cliprotos[i], "Windows for Workgroups 3.1a"))
-			arch &= ( ARCH_WFWG | ARCH_WIN95 | ARCH_WINNT
-				  | ARCH_WIN2K );
-		else if (strcsequal(cliprotos[i], "DOS LM1.2X002"))
-			arch &= ( ARCH_WFWG | ARCH_WIN95 );
-		else if (strcsequal(cliprotos[i], "DOS LANMAN2.1"))
-			arch &= ( ARCH_WFWG | ARCH_WIN95 );
-		else if (strcsequal(cliprotos[i], "NT LM 0.12"))
-			arch &= ( ARCH_WIN95 | ARCH_WINNT | ARCH_WIN2K
-				  | ARCH_CIFSFS);
-		else if (strcsequal(cliprotos[i], "SMB 2.001"))
-			arch = ARCH_VISTA;		
-		else if (strcsequal(cliprotos[i], "LANMAN2.1"))
-			arch &= ( ARCH_WINNT | ARCH_WIN2K | ARCH_OS2 );
-		else if (strcsequal(cliprotos[i], "LM1.2X002"))
-			arch &= ( ARCH_WINNT | ARCH_WIN2K | ARCH_OS2 );
-		else if (strcsequal(cliprotos[i], "MICROSOFT NETWORKS 1.03"))
-			arch &= ARCH_WINNT;
-		else if (strcsequal(cliprotos[i], "XENIX CORE"))
-			arch &= ( ARCH_WINNT | ARCH_OS2 );
-		else if (strcsequal(cliprotos[i], "Samba")) {
-			arch = ARCH_SAMBA;
+		if (strcsequal(cliprotos[i], "Windows for Workgroups 3.1a")) {
+			protocols |= PROT_WFWG;
+		} else if (strcsequal(cliprotos[i], "DOS LM1.2X002")) {
+			protocols |= PROT_DOS_LM1_2X002;
+		} else if (strcsequal(cliprotos[i], "DOS LANMAN2.1")) {
+			protocols |= PROT_DOS_LANMAN2_1;
+		} else if (strcsequal(cliprotos[i], "LANMAN1.0")) {
+			protocols |= PROT_LANMAN1_0;
+		} else if (strcsequal(cliprotos[i], "NT LM 0.12")) {
+			protocols |= PROT_NT_LM_0_12;
+		} else if (strcsequal(cliprotos[i], "SMB 2.001")) {
+			protocols |= PROT_SMB_2_001;
+		} else if (strcsequal(cliprotos[i], "SMB 2.002")) {
+			protocols |= PROT_SMB_2_002;
+		} else if (strcsequal(cliprotos[i], "SMB 2.???")) {
+			protocols |= PROT_SMB_2_FF;
+		} else if (strcsequal(cliprotos[i], "LANMAN2.1")) {
+			protocols |= PROT_LANMAN2_1;
+		} else if (strcsequal(cliprotos[i], "LM1.2X002")) {
+			protocols |= PROT_LM1_2X002;
+		} else if (strcsequal(cliprotos[i], "MICROSOFT NETWORKS 1.03")) {
+			protocols |= PROT_MICROSOFT_NETWORKS_1_03;
+		} else if (strcsequal(cliprotos[i], "MICROSOFT NETWORKS 3.0")) {
+			protocols |= PROT_MICROSOFT_NETWORKS_3_0;
+		} else if (strcsequal(cliprotos[i], "PC NETWORK PROGRAM 1.0")) {
+			protocols |= PROT_PC_NETWORK_PROGRAM_1_0;
+		} else if (strcsequal(cliprotos[i], "XENIX CORE")) {
+			protocols |= PROT_XENIX_CORE;
+		} else if (strcsequal(cliprotos[i], "Samba")) {
+			protocols = PROT_SAMBA;
 			break;
 		} else if (strcsequal(cliprotos[i], "POSIX 2")) {
-			arch = ARCH_CIFSFS;
+			protocols = PROT_POSIX_2;
 			break;
 		}
 	}
 
-	/* CIFSFS can send one arch only, NT LM 0.12. */
-	if (i == 1 && (arch & ARCH_CIFSFS)) {
-		arch = ARCH_CIFSFS;
-	}
-
-	switch ( arch ) {
+	switch ( protocols ) {
+		/* Old CIFSFS can send one arch only, NT LM 0.12. */
+		case PROT_NT_LM_0_12:
 		case ARCH_CIFSFS:
 			set_remote_arch(RA_CIFSFS);
 			break;
@@ -626,16 +649,10 @@ void reply_negprot(struct smb_request *req)
 			set_remote_arch(RA_WIN95);
 			break;
 		case ARCH_WINNT:
-			if(req->flags2 == FLAGS2_WIN2K_SIGNATURE)
-				set_remote_arch(RA_WIN2K);
-			else
-				set_remote_arch(RA_WINNT);
+			set_remote_arch(RA_WINNT);
 			break;
 		case ARCH_WIN2K:
-			/* Vista may have been set in the negprot so don't 
-			   override it here */
-			if ( get_remote_arch() != RA_VISTA )
-				set_remote_arch(RA_WIN2K);
+			set_remote_arch(RA_WIN2K);
 			break;
 		case ARCH_VISTA:
 			set_remote_arch(RA_VISTA);
diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c
index 0bb13bc..e48d2b8 100644
--- a/source3/smbd/smb2_negprot.c
+++ b/source3/smbd/smb2_negprot.c
@@ -258,8 +258,15 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
 		}
 	}
 
-	if (get_remote_arch() != RA_SAMBA) {
+	switch (get_remote_arch()) {
+	case RA_VISTA:
+	case RA_SAMBA:
+	case RA_CIFSFS:
+	case RA_OSX:
+		break;
+	default:
 		set_remote_arch(RA_VISTA);
+		break;
 	}
 
 	fstr_sprintf(remote_proto, "SMB%X_%02X",
-- 
2.7.0.rc3.207.g0ac5344


From 81f03f3e5f4a9f5fa1380f92b2d97fbf5425fd4a Mon Sep 17 00:00:00 2001
From: Justin Maggard <jmaggard10 at gmail.com>
Date: Wed, 2 Mar 2016 10:19:56 -0800
Subject: [PATCH 2/2] s3:smbd: add negprot remote arch detection for OSX

Remote arch detection for OSX clients has been broken for some time, since
both Samba and OSX started supporting SMB2.  Fix it by adding modern OSX
client detection support to the negprot remote arch detection routine.

Signed-off-by: Justin Maggard <jmaggard10 at gmail.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <rb at sernet.de>
---
 source3/smbd/negprot.c | 39 +++++++++++++++++++++++++--------------
 1 file changed, 25 insertions(+), 14 deletions(-)

diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index 9d4e523..7590421 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -442,26 +442,33 @@ protocol [XENIX CORE]
 protocol [LANMAN1.0]
 protocol [LM1.2X002]
 protocol [LANMAN2.1]
+
+OSX:
+protocol [NT LM 0.12]
+protocol [SMB 2.002]
+protocol [SMB 2.???]
 */
 
 /*
   * Modified to recognize the architecture of the remote machine better.
   *
   * This appears to be the matrix of which protocol is used by which
-  * MS product.
-       Protocol                       WfWg    Win95   WinNT  Win2K  OS/2 Vista
-       PC NETWORK PROGRAM 1.0          1       1       1      1      1     1
-       XENIX CORE                                      2             2
-       MICROSOFT NETWORKS 3.0          2       2       
-       DOS LM1.2X002                   3       3       
-       MICROSOFT NETWORKS 1.03                         3
-       DOS LANMAN2.1                   4       4       
-       LANMAN1.0                                       4      2      3     2
-       Windows for Workgroups 3.1a     5       5       5      3            3
-       LM1.2X002                                       6      4      4     4
-       LANMAN2.1                                       7      5      5     5
-       NT LM 0.12                              6       8      6            6
-       SMB 2.001                                                           7
+  * product.
+       Protocol                       WfWg Win95 WinNT Win2K OS/2 Vista OSX
+       PC NETWORK PROGRAM 1.0          1     1     1     1     1    1
+       XENIX CORE                                  2           2
+       MICROSOFT NETWORKS 3.0          2     2
+       DOS LM1.2X002                   3     3
+       MICROSOFT NETWORKS 1.03                     3
+       DOS LANMAN2.1                   4     4
+       LANMAN1.0                                   4     2     3    2
+       Windows for Workgroups 3.1a     5     5     5     3          3
+       LM1.2X002                                   6     4     4    4
+       LANMAN2.1                                   7     5     5    5
+       NT LM 0.12                            6     8     6     6    6    1
+       SMB 2.001                                                    7
+       SMB 2.002                                                         2
+       SMB 2.???                                                         3
   *
   *  tim at fsg.com 09/29/95
   *  Win2K added by matty 17/7/99
@@ -495,6 +502,7 @@ protocol [LANMAN2.1]
 #define ARCH_VISTA    ( ARCH_WIN2K | PROT_SMB_2_001 )
 #define ARCH_SAMBA    ( PROT_SAMBA )
 #define ARCH_CIFSFS   ( PROT_POSIX_2 )
+#define ARCH_OSX      ( PROT_NT_LM_0_12 | PROT_SMB_2_002 | PROT_SMB_2_FF )
 
 /* List of supported protocols, most desired first */
 static const struct {
@@ -660,6 +668,9 @@ void reply_negprot(struct smb_request *req)
 		case ARCH_OS2:
 			set_remote_arch(RA_OS2);
 			break;
+		case ARCH_OSX:
+			set_remote_arch(RA_OSX);
+			break;
 		default:
 			set_remote_arch(RA_UNKNOWN);
 		break;
-- 
2.7.0.rc3.207.g0ac5344



More information about the samba-technical mailing list