From 38abfa6a576b14304eb16cf4de16af337cdd7157 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 8 Jul 2017 00:57:59 +0200 Subject: [PATCH 1/5] s3:libsmb: let get_ipc_connect() use CLI_FULL_CONNECTION_FORCE_SMB1 get_ipc_connect() is only used in code paths that require cli_NetServerEnum() to work, so it must already require SMB1 only. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12876 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison (cherry picked from commit 0f9d10246071160dc736205af234ab0ca456d0dc) --- source3/libsmb/cliconnect.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index d98debc7771..91fd18b646f 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -3746,6 +3746,8 @@ struct cli_state *get_ipc_connect(char *server, flags |= CLI_FULL_CONNECTION_USE_KERBEROS; } + flags |= CLI_FULL_CONNECTION_FORCE_SMB1; + nt_status = cli_full_connection(&cli, NULL, server, server_ss, 0, "IPC$", "IPC", get_cmdline_auth_info_username(user_info), lp_workgroup(), -- 2.14.1.480.gb18f417b89-goog From 71ac5447519c1dd9f47de9088899c53ccfbaafb1 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 16 Aug 2017 08:55:43 +0200 Subject: [PATCH 2/5] s3:smbclient: improve the error messages for smbclient -L BUG: https://bugzilla.samba.org/show_bug.cgi?id=12863 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison (cherry picked from commit 3111463e743dfda89002f1047d1030ab617e5277) --- source3/client/client.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/source3/client/client.c b/source3/client/client.c index 83d9b9d8342..5897cecbdf3 100644 --- a/source3/client/client.c +++ b/source3/client/client.c @@ -5830,6 +5830,7 @@ static int do_host_query(const char *query_host) } if (lp_disable_netbios()) { + d_printf("NetBIOS over TCP disabled -- no workgroup available\n"); goto out; } @@ -5844,21 +5845,19 @@ static int do_host_query(const char *query_host) */ cli_shutdown(cli); + d_printf("Reconnecting with SMB1 for workgroup listing.\n"); status = cli_cm_open(talloc_tos(), NULL, have_ip ? dest_ss_str : query_host, "IPC$", popt_get_cmdline_auth_info(), smb_encrypt, max_proto, NBT_SMB_PORT, name_type, &cli); if (!NT_STATUS_IS_OK(status)) { - cli = NULL; + d_printf("Failed to connect with SMB1 " + "-- no workgroup available\n"); + return 0; } } - if (cli == NULL) { - d_printf("NetBIOS over TCP disabled -- no workgroup available\n"); - return 0; - } - cli_set_timeout(cli, io_timeout*1000); list_servers(lp_workgroup()); out: -- 2.14.1.480.gb18f417b89-goog From f542718d5358f6a29afa975cd948cba7133ebcd7 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 16 Aug 2017 08:56:39 +0200 Subject: [PATCH 3/5] s3:smbclient: don't try any workgroup listing with "client min protocol = SMB2" BUG: https://bugzilla.samba.org/show_bug.cgi?id=12863 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison (cherry picked from commit 379e5c1c2fa75c30b08bea7079cf1e9c46db0b26) --- source3/client/client.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/source3/client/client.c b/source3/client/client.c index 5897cecbdf3..5ef9ad52151 100644 --- a/source3/client/client.c +++ b/source3/client/client.c @@ -5829,6 +5829,11 @@ static int do_host_query(const char *query_host) } } + if (lp_client_min_protocol() > PROTOCOL_NT1) { + d_printf("SMB1 disabled -- no workgroup available\n"); + goto out; + } + if (lp_disable_netbios()) { d_printf("NetBIOS over TCP disabled -- no workgroup available\n"); goto out; -- 2.14.1.480.gb18f417b89-goog From 16d71f4586a2badab52e99db7f3ef34b504d36c0 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 16 Aug 2017 12:38:30 +0200 Subject: [PATCH 4/5] s3:libsmb: don't call cli_NetServerEnum() on SMB2/3 connections in SMBC_opendir_ctx() This is all we can do with when using we allow SMB2/3 and the server supports it, 'smb://' can't work unless we implement LLMNR and maybe WSD. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12876 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison (cherry picked from commit ecca95736d3994011de2d3fd882b58ab9b450a83) --- source3/libsmb/libsmb_dir.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/source3/libsmb/libsmb_dir.c b/source3/libsmb/libsmb_dir.c index 8038584138b..72441c46736 100644 --- a/source3/libsmb/libsmb_dir.c +++ b/source3/libsmb/libsmb_dir.c @@ -590,6 +590,10 @@ SMBC_opendir_ctx(SMBCCTX *context, continue; } + if (smbXcli_conn_protocol(srv->cli->conn) > PROTOCOL_NT1) { + continue; + } + dir->srv = srv; dir->dir_type = SMBC_WORKGROUP; @@ -704,6 +708,15 @@ SMBC_opendir_ctx(SMBCCTX *context, dir->srv = srv; + if (smbXcli_conn_protocol(srv->cli->conn) > PROTOCOL_NT1) { + if (dir) { + SAFE_FREE(dir->fname); + SAFE_FREE(dir); + } + TALLOC_FREE(frame); + return NULL; + } + /* Now, list the servers ... */ if (!cli_NetServerEnum(srv->cli, wgroup, 0x0000FFFE, list_fn, -- 2.14.1.480.gb18f417b89-goog From 07ef5e6913fcf7425df534ab0e5d2490ed1f7da6 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 16 Aug 2017 12:42:48 +0200 Subject: [PATCH 5/5] s3:libsmb: let do_connect() debug the negotiation result similar to "session request ok" Also modify non-specified max_protocol to be PROTOCOL_LATEST (currently PROTOCOL_SMB3_11). BUG: https://bugzilla.samba.org/show_bug.cgi?id=12881 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison (cherry picked from commit 2901ed0deb1324cacdc804fe5a09468a91661f9d) --- source3/libsmb/clidfs.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c index 207b3240f5e..1feeca9122d 100644 --- a/source3/libsmb/clidfs.c +++ b/source3/libsmb/clidfs.c @@ -149,6 +149,7 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx, const char *domain; NTSTATUS status; int flags = 0; + enum protocol_types protocol = PROTOCOL_NONE; int signing_state = get_cmdline_auth_info_signing_state(auth_info); struct cli_credentials *creds = NULL; @@ -204,7 +205,7 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx, } if (max_protocol == 0) { - max_protocol = PROTOCOL_NT1; + max_protocol = PROTOCOL_LATEST; } DEBUG(4,(" session request ok\n")); @@ -218,8 +219,12 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx, cli_shutdown(c); return status; } + protocol = smbXcli_conn_protocol(c->conn); + DEBUG(4,(" negotiated dialect[%s] against server[%s]\n", + smb_protocol_types_string(protocol), + smbXcli_conn_remote_name(c->conn))); - if (smbXcli_conn_protocol(c->conn) >= PROTOCOL_SMB2_02) { + if (protocol >= PROTOCOL_SMB2_02) { /* Ensure we ask for some initial credits. */ smb2cli_conn_set_max_credits(c->conn, DEFAULT_SMB2_MAX_CREDITS); } -- 2.14.1.480.gb18f417b89-goog