Date: Tue, 27 Nov 2018 17:14:59 +0000
From: Brooks Davis
To: Yuri Pankov
Cc: Edward Napierala, gerard@seibercom.net, freebsd-arch@freebsd.org
Subject: Re: Removal or updating of "mount_smbfs" from FreeBSD operating system
Message-ID: <20181127171459.GC52968@spindle.one-eyed-alien.net>
References: <20181126121926.00007626@seibercom.net>

On Tue, Nov 27, 2018 at 07:55:54PM +0300, Yuri Pankov wrote:
> Edward Napierala wrote:
> > On Mon, 26 Nov 2018 at 17:20, Gerard Seibert wrote:
> >>
> >> TO WHOM IT MAY CONCERN
> >>
> >> The “SMBv1” protocol is a security hazard and was depreciated by Microsoft in
> >> 2014. There is virtually no use for it anymore.
> >>
> >> The “mount_smbfs” utility in FreeBSD only uses that protocol, which results
> >> in making it useless with newer versions of Microsoft’s operating systems, as
> >> well as other OS’s that have depreciated the use of SMBv1.
> >>
> >> I would like to suggest that FreeBSD do one of the following:
> >>
> >> 1) Remove “mount_smbfs” from FreeBSD. This would probably be in versions 12.1
> >> or 13. It is perhaps too late to get into FreeBSD 12.
> >>
> >> 2) Update “mount_smbfs” so that it is compatible with versions SMBv3 and
> >> greater. While "SMBv2" is not dead, it is definitely comatose. This would be a
> >> better idea if someone had the time to do it.
> >
> > FWIW, I believe SMBv3 is just a set of (largely optional) extensions to SMBv2,
> > not an entirely different protocol, like SMBv1 is. Which means, any version
> > that supports v3 is likely to also handle v2.
> >
> > There seems to be existing, working code in Nexenta, which is being
> > upstreamed to Illumos:
> >
> > https://www.illumos.org/issues/9735
> > https://github.com/illumos/illumos-gate/pull/37
> >
> > Their implementation descends from the one we have in base (and the one
> > from OSX, which also descends from FreeBSD), so it should be possible to
> > merge it.
>
> Yes, we have it working and tested pretty well. And that's exactly the
> reason I was asking if there's work in progress for smb2/3 client or not
> before even starting looking into porting the code.
>
> The problem here is that the code has grown library dependencies which
> are CDDL-licensed, which aren't easy to break (if at all), so if ported,
> it will be covered by WITHOUT_CDDL; hopefully that's acceptable. It's
> possible that Nexenta-authored code could be relicensed under BSDL (I'll
> have to ask, we already have a precedent with localedef), but sadly that
> doesn't cover everything.

I think making this CDDL is fine. Certainly better than failing to
support SMBv2/v3.

-- Brooks