From owner-freebsd-fs@freebsd.org Fri Jun 23 00:43:07 2017 Return-Path: Delivered-To: freebsd-fs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7C978D9884E for ; Fri, 23 Jun 2017 00:43:07 +0000 (UTC) (envelope-from rmacklem@uoguelph.ca) Received: from CAN01-TO1-obe.outbound.protection.outlook.com (mail-eopbgr670046.outbound.protection.outlook.com [40.107.67.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "Microsoft IT SSL SHA2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 238D371667 for ; Fri, 23 Jun 2017 00:43:06 +0000 (UTC) (envelope-from rmacklem@uoguelph.ca) Received: from YTXPR01MB0189.CANPRD01.PROD.OUTLOOK.COM (10.165.218.133) by YTXPR01MB0190.CANPRD01.PROD.OUTLOOK.COM (10.165.218.134) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1178.14; Fri, 23 Jun 2017 00:43:03 +0000 Received: from YTXPR01MB0189.CANPRD01.PROD.OUTLOOK.COM ([10.165.218.133]) by YTXPR01MB0189.CANPRD01.PROD.OUTLOOK.COM ([10.165.218.133]) with mapi id 15.01.1178.023; Fri, 23 Jun 2017 00:43:03 +0000 From: Rick Macklem To: Matt B CC: "freebsd-fs@freebsd.org" Subject: Re: SMBv1 Deprecation Thread-Topic: SMBv1 Deprecation Thread-Index: AQHS647UYCj1ThwsvUCkJ0Hkf0cfhqIxY+HFgAAwRYCAAAc7aA== Date: Fri, 23 Jun 2017 00:43:03 +0000 Message-ID: References: , In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=uoguelph.ca; x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; YTXPR01MB0190; 7:TkblkZJUMONTPhGOMg7AVy2iz3x0zNDcE/pWREtX/9cULL9rXl/VIgOE1bts7eMR8Qr1nw0ereO33jTs71cFhFNk5jETWM2rWRkeZmJNZAlzQjaMjtWg+wwlA3JVIk3fHgqV1d65EHxTZxgNker3K6xgQ6CGE32bM3cR/Uss9+p20wJofHK57vLsWP6UHZysocVcJMYuRl67sdao88ecKF8tjj08uAEzT4kwQmY2U5O7DZvKJsxKNJ1kq1FNmgigy3UNHCwbZZCB31f3ng2sava1y8e8DxFpic8k90CdOaS1UWu1AtlSTV4q2ckrOFUH4WbNnEHWGm0vAZEut/5MZWgcGTkolctOFyqyaXTO/sJFqFPiHH+189U7PjUCUcTvAJiET8ZJu1+ionJrMzfOkXXyl8MoxUeYEKlk0ozax5cQuI47Kj8K2dHVv2mJEyNkZ3TznypgL1IzaIe4Y0eCyZVQY1ksSKxBIAhLlZquuI++avF/gPgDr4h7APuE5W70gIgrqWxupUw2i/hFvSNT1cEGiVGGPCstFwGVQzANx5qBoc24qyHOTkleDvdYi1L8l0a0xcSwHKb8c1zFcVKWGSeLPscErmRAKQ9lcqlfCXSpOpZ4MmwqTc53jCiI7nxXfpA83dvYe9z1sF0ekeLMlxtAen4r+3EGnqC8Lx3S02nno/OCHvTd8q7WGw4FK7+wzq6qzkacLU9BTvyIzXaoE+jY7E5W7LxxVzMA+NAK0ymbhrqMpBdArocT7khGF9TpxMhqFGirHrQV2uboYASWlBloV4Z6DYsoajfFEESPVU0= x-ms-office365-filtering-correlation-id: d72f64bf-10c4-4269-e209-08d4b9d0ce87 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254075)(201703131423075)(201703031133081)(201702281549075); SRVR:YTXPR01MB0190; x-ms-traffictypediagnostic: YTXPR01MB0190: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(158342451672863)(192374486261705)(75325880899374)(211171220733660); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(10201501046)(100000703101)(100105400095)(3002001)(93006095)(93001095)(6041248)(20161123564025)(201703131423075)(201702281529075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(20161123562025)(20161123555025)(20161123560025)(6072148)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:YTXPR01MB0190; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:YTXPR01MB0190; x-forefront-prvs: 0347410860 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(39410400002)(39850400002)(39400400002)(39450400003)(39840400002)(24454002)(377454003)(478600001)(6306002)(966005)(9686003)(4326008)(305945005)(2900100001)(53546010)(74482002)(81166006)(68736007)(2906002)(8936002)(77096006)(3280700002)(55016002)(25786009)(53936002)(122556002)(3660700001)(74316002)(39060400002)(7116003)(102836003)(38730400002)(6506006)(8676002)(6916009)(2950100002)(6436002)(189998001)(86362001)(1411001)(54356999)(7696004)(229853002)(6246003)(5660300001)(110136004)(50986999)(76176999)(14454004)(33656002); DIR:OUT; SFP:1101; SCL:1; SRVR:YTXPR01MB0190; H:YTXPR01MB0189.CANPRD01.PROD.OUTLOOK.COM; FPR:; SPF:None; MLV:ovrnspm; PTR:InfoNoRecords; LANG:en; spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: uoguelph.ca X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Jun 2017 00:43:03.4961 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: be62a12b-2cad-49a1-a5fa-85f4f3156a7d X-MS-Exchange-Transport-CrossTenantHeadersStamped: YTXPR01MB0190 X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Jun 2017 00:43:07 -0000 Mac OS X uses a very different VFS than FreeBSD (unless you go back to 10.3 Panther). As such, I'm afraid it won't be a straightforward port. Good luck with it. Maybe someone else reading this will be interested in helping out, rick ________________________________________ From: Matt B Sent: Thursday, June 22, 2017 8:14:09 PM To: Rick Macklem Cc: freebsd-fs@freebsd.org Subject: Re: SMBv1 Deprecation I totally understand. I try to support the FreeBSD Foundation with donation= s as often as I can as well as reporting bugs promptly as I am sure resourc= es are spread thin. My skill set isn't really that of a programmer though. = I am working right now at checking the Darwin/OS X code for mount_smbfs and= other modules associated with smbfs in the hopes of possibly getting somet= hing viable for BSD, even if it has to be a port due to license issues. Pro= gress is slow just due to lack of knowledge in the programming arena. On Thu, Jun 22, 2017 at 5:30 PM, Rick Macklem > wrote: Well, the short answer is...somebody has to do it. (At this time, I believe that there are two people employed by the FreeBSD Foundation to do FreeBSD kernel work.) The rest of FreeBSD's development is done by volunteers (some of which do the work for an employer and get permission from the employer to upstream the work). I, for example, do NFS as a hobby and always have, but to be honest, there aren't many out there as stupid as I am and willing to do this;-) So, if you have the skills and time, feel free to do an implementation and, so long it is appropriately licensed (no GPL or similar), I suspect someone would be willing to work with you to get it into FreeBSD. If there is an SMBv2 implementation in one of the other BSDen (NetBSD, OpenBSD,...) the port wouldn't be an immense amount of work, but there are differences in the VFS and similar that will need to be dealt with. Otherwise, you are pretty much implementing it from scratch, using the SMBv1 code as a starting point. rick ________________________________________ From: owner-freebsd-fs@freebsd.org > on behalf = of Matt B > Sent: Thursday, June 22, 2017 3:36:14 PM To: freebsd-fs@freebsd.org Subject: SMBv1 Deprecation Long time user of FreeBSD here. I have been happily using the mount_smbfs binary and in my fstab to mount Windows Shares on boot to be used by various network services house on multiple FreeBSD systems. Sadly, it appears these connections all use SMBv1 NT1 security to perform the mount operation. With the new security landscape, post-WannaCry ransomware, in a mixed-mode environment where all the shares live in Windows, that just won't do. This has been discussed many times before in the past but there hasn't been any headway AFAIK. Every other piece of software I have encountered has moved away from this deprecated network protocol to the far more secure versions of SMB to perform Windows share operations. As a stop gap, I have implemented a very rudimentary NFS server advertising shares, but configuring a Kerberos infrastructure and setting new accounts for each and every service (not to mention the new permissions nightmares even with Active Directory) on multiple BSD systems is arduous. Rather, I am wondering why FreeBSD is behind the ball on the development? The other Linux based systems I run required a simple addition of the vers=3DSMB2 fla= g to the fstab entry to successfully mount. I understand the code base is very old for the mount_smbfs, but what is the way forward here? NFS is simply a workaround as far as I am concerned and every other *nix style distro seems to play nice with SMB. Is there an ETR on this greatly needed and long overdue update to mount newer style SMB shares? _______________________________________________ freebsd-fs@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-fs To unsubscribe, send any mail to "freebsd-fs-unsubscribe@freebsd.org"