[PATCH] slirp: samba, set 'server min protocol' to NT1

[PATCH] slirp: samba, set 'server min protocol' to NT1

[Jiri Slaby]

Samba changed the default of server min protocol from LANMAN1 (very old
protocol) to SMB2_02 (only Vista and newer) in commit 840b8501b436
(docs-xml: change "server min protocol" to SMB2_02).

WXP guests cannot use the samba shares since then as it uses a protocol
newer than LANMAN1, but older than SMB2_02: NT1 protocol. So set 'server
min protocol' in the samba config used in qemu to NT1. This restores
support for WinNT and newer (WXP including).

Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 net/slirp.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/slirp.c b/net/slirp.c
index c4334ee876c7..b3bc4a2bded7 100644
--- a/net/slirp.c
+++ b/net/slirp.c
@@ -887,6 +887,7 @@ static int slirp_smb(SlirpState* s, const char *exported_dir,
             "printing = bsd\n"
             "disable spoolss = yes\n"
             "usershare max shares = 0\n"
+            "server min protocol = NT1\n"
             "[qemu]\n"
             "path=%s\n"
             "read only=no\n"
-- 
2.25.1

Re: [PATCH] slirp: samba, set 'server min protocol' to NT1

[Daniel P. Berrangé]

On Tue, Feb 25, 2020 at 11:27:58AM +0100, Jiri Slaby wrote:
> Samba changed the default of server min protocol from LANMAN1 (very old
> protocol) to SMB2_02 (only Vista and newer) in commit 840b8501b436
> (docs-xml: change "server min protocol" to SMB2_02).
> 
> WXP guests cannot use the samba shares since then as it uses a protocol
> newer than LANMAN1, but older than SMB2_02: NT1 protocol. So set 'server
> min protocol' in the samba config used in qemu to NT1. This restores
> support for WinNT and newer (WXP including).
>
> Signed-off-by: Jiri Slaby <jslaby@suse.cz>
> ---
>  net/slirp.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/net/slirp.c b/net/slirp.c
> index c4334ee876c7..b3bc4a2bded7 100644
> --- a/net/slirp.c
> +++ b/net/slirp.c
> @@ -887,6 +887,7 @@ static int slirp_smb(SlirpState* s, const char *exported_dir,
>              "printing = bsd\n"
>              "disable spoolss = yes\n"
>              "usershare max shares = 0\n"
> +            "server min protocol = NT1\n"
>              "[qemu]\n"
>              "path=%s\n"
>              "read only=no\n"

IIUC, the older protocol version has a number of downsides, both security
and performance related, which is why Samba has removed it from the
default config.  Do we really want to revert this defaults change that
Samba maintainers made, in order to cope with a guest OS which was
end-of-life 11 years ago ? It feels questionable to me.

Maybe QEMU's command line needs to include an option to set the min
protocol version, so that we don't need to hardcode this obsolete protocol
version in the source.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

Re: [PATCH] slirp: samba, set 'server min protocol' to NT1

[Jiri Slaby]

On 25. 02. 20, 11:43, Daniel P. Berrangé wrote:
> On Tue, Feb 25, 2020 at 11:27:58AM +0100, Jiri Slaby wrote:
>> Samba changed the default of server min protocol from LANMAN1 (very old
>> protocol) to SMB2_02 (only Vista and newer) in commit 840b8501b436
>> (docs-xml: change "server min protocol" to SMB2_02).
>>
>> WXP guests cannot use the samba shares since then as it uses a protocol
>> newer than LANMAN1, but older than SMB2_02: NT1 protocol. So set 'server
>> min protocol' in the samba config used in qemu to NT1. This restores
>> support for WinNT and newer (WXP including).
>>
>> Signed-off-by: Jiri Slaby <jslaby@suse.cz>
>> ---
>>  net/slirp.c | 1 +
>>  1 file changed, 1 insertion(+)
>>
>> diff --git a/net/slirp.c b/net/slirp.c
>> index c4334ee876c7..b3bc4a2bded7 100644
>> --- a/net/slirp.c
>> +++ b/net/slirp.c
>> @@ -887,6 +887,7 @@ static int slirp_smb(SlirpState* s, const char *exported_dir,
>>              "printing = bsd\n"
>>              "disable spoolss = yes\n"
>>              "usershare max shares = 0\n"
>> +            "server min protocol = NT1\n"
>>              "[qemu]\n"
>>              "path=%s\n"
>>              "read only=no\n"
> 
> IIUC, the older protocol version has a number of downsides, both security
> and performance related, which is why Samba has removed it from the
> default config.

Sure, but is it that relevant for a VM? I mean, it's "min" protocol,
newer Win will negotiate the latest.

>  Do we really want to revert this defaults change that
> Samba maintainers made, in order to cope with a guest OS which was
> end-of-life 11 years ago ? It feels questionable to me.

It's 6 years, Vista is 3. (The current default still allows Vista.)

> Maybe QEMU's command line needs to include an option to set the min
> protocol version, so that we don't need to hardcode this obsolete protocol
> version in the source.

That would be great. Though I have no idea how to add one :). Something
like "-net user,smb=/home/smb,smbminproto=NT1" would be perfect by me.

thanks,
-- 
js
suse labs