Jeremy Allison
2022-Apr-07 18:43 UTC
[Samba] SMB1 can now be removed from the server code !
Hi all,
Just wanted to let everyone know about a milestone in
coding achieved by David Mulder from SuSE.
David reconfigured our codebase to allow the SMB1 code
inside smbd to be removed using an option at configure
time !
Configure Samba using:
configure --without-smb1-server
and smbd will now no longer include any of the SMB1
legacy protocol other than the minimal "bootstrap"
code needed to allow a Windows client to first contact
the server via SMB1 "negotiate protocol" and then
immediately switch to SMB2 (when the smbd server
tells it we no longer support SMB1). This is the
same way a Windows server behaves once SMB1 support
is removed.
This new feature will be available in 4.17.0 (whenever
we ship that :-) but I wanted everyone to know SMB1
is on its way out !
Note that SMB1 support is still allowed in the libsmbclient
libraries to keep maximum backwards compatibility to
legacy servers.
Here is the new WHATSNEW.txt entry.
----------------------------------------------------------------------
Configure without the SMB1 Server
---------------------------------
It is now possible to configure Samba without support for
the SMB1 protocol in smbd. This can be selected at configure
time with either of the options:
--with-smb1-server
--without-smb1-server
By default (without either of these options set) Samba
is configured to include SMB1 support (i.e. --with-smb1-server
is the default). When Samba is configured without SMB1 support,
none of the SMB1 code is included inside smbd except the minimal
stub code needed to allow a client to connect as SMB1 and immediately
negotiate the selected protocol into SMB2 (as a Windows server also
allows).
None of the SMB1-only smb.conf parameters are removed when
configured without SMB1, but these parameters are ignored by
the smbd server. This allows deployment without having to change
an existing smb.conf file.
This option allows sites, OEMs and integrators to configure Samba
to remove the old and insecure SMB1 protocol from their products.
Note that the Samba client libraries still support SMB1 connections
even when Samba is configured as --without-smb1-server. This is
to ensure maximum compatibility with environments containing old
SMB1 servers.
----------------------------------------------------------------------
I want to say a big cowsay:
< THANKS >
--------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
to David Mulder from SuSE for writing this code, and to Samba
Team members Ralph Boehme from SerNet and Andrew Bartlett from
Catalyst for reviewing and improving the code changes before
merge.
Cheers,
Jeremy.