libdsm
libdsm copied to clipboard
videolabs
Support SMB2 and SMB3 when browsing shares
Currently the library does not support browsing and opening shares which enforce the SMB2 or later protocol. This is kinda a dupe for https://github.com/videolabs/libdsm/issues/80. Microsoft officially recommends that file servers disable the SMB1 protocol, so it would be nice if SMBv2 and later is supported.
SMB2 is supported by Microsoft since Windows Vista. The reason I am filing this enhancement request now is that to mitigate against the wannacrypt worm, you can turn off SMB1. So there will be more and more file servers not supporting SMB1.
I've also started to see signs that disabling the SMB1 protocol prevents libdsm from discovering/connecting. No real debug info yet. Under Libdsm 0.2.7
Looks like I'm about to become a smb expert :) On the list it goes as with the recent exploit, I see that smb1 usage will soon hit the dustbin.
Microsoft already started forcefully disabling SMBv1 on Windows 10 (at least in Developer builds). I spent a real hard time figuring out why VLC on Android TV stopped working on my home network with Windows network shares. The reason is that VLC uses this library to connect - so currently any users who wants to play via a network share must enable back the flawed MS implementation on Windows....
Juanradark talk about this : SMBv1 is not installed by default in Windows 10 Fall Creators Update and Windows Server, version 1709 : https://support.microsoft.com/en-us/help/4034314/smbv1-is-not-installed-windows-10-and-windows-server-version-1709
I’ve finally tested this too. libdsm works on my Synology NAS if I have it’s minimum SMB version set to 1, but will outright refuse to connect if I set the minimum SMB version of the NAS to 2.
I just spent a few hours playing with Wireshark and reviewing the SMB1 and SMB2 specs. They’re pretty different. Is it even possible to just slide SMB2 alongside SMB1 in this library?
@TimOliver it's a good question. Technically, it should be doable, but it's a lot of work, notably for authentication.
I successfully cross compiled libsmb2 for iOS and run some examples with https://github.com/szanni/ios-autotools
I can't connect to my Win10 system via VLC due to turning off SMB1. What's the update on this? SMB1 is insecure.
If Windows 10 automatically disabled SMBv1 on your system, here's how to turn it back on: https://www.kapilarya.com/how-to-enable-or-disable-smb-protocols-in-windows-10 :)
Libdsm was built from the beginning as an SMBv1 library. If it wasn't obvious from the above conversation, adding v2 support and above would be a huge amount of work. I'm sure extra help would be appreciated. :)
I have no desire to re-enable it. I disabled it myself. As I stated, smbv1 is insecure and newer versions need to be properly supported. Enabling a security hole is not a solution.
This is an open source project that people contribute to in their free time. If you think it "needs to be supported properly", then please, by all means, start filing pull requests. :)
Or conversely, I wonder if it would be feasible to integrate Ronnie Sahlberg's libdsm2 library into VLC alongside libdsm. The licenses should be compatible.
I know that, and understood, but please do not suggest an insecure solution. I simply am asking if there is a fix. Your second paragraph satisfies my query which is what I asked for. Have a good one.
@TimOliver : if we turn SMBv1 back on Windows, we'll open a vector for serious exploits.
On the other hand, some NAS/router with USB port with a read-only-rom has it's Samba config fixed on SMB1, as I tested; but Samba's SMB1 is not exploitable. So somehow VLC should be able to do SMBv1 as a fallback, if higher versions are not supported by the server.
As for the flame for filling pull requests: I don't know @yllekz, but I'm not an multi-platform C developer, I'm simply not qualified to do this kind of low level networking and integration task on this completely unknown codebase; and I think there are only a couple devs who can do it properly, so this is a bit of a cynic request.
Thirdly, I'd label this issue as a serious security-related task, not an enhancement.
@yllekz I was half joking about turning it back on (That's what the ':)' was for at the end). I apologise. Yeah! I'm following the progress of libsmb2 and a it's evolving really quickly. Hopefully that'll be good enough for VLC soon. :)
@kbalint Thanks for the clarification. It's good to know there might be some edges cases where SMBv1 might still be okay.
I wasn't trying to flame. I'm not a low level network engineer either, but SMBv2 is something I want badly enough that until I found out about libsmb2, I was seriously considering willing to put in the hours needed to add SMBv2 to libdsm myself. So I don't think that was cynical.
In any case, if that looked like an attack, then I'm sorry.
if the licenses are compatible, what are the hurdles left? waiting to see some specific issues reported on his repo fixed?
Any updates on this ? I am almost sure that this is the reason why I can't access anymore any of my files from VLC on iPad since switching to FreeNAS (which, afaik, enforce SMBv2) Can I do something to help speed up the process ? I don't want to use Plex (because it's pushing so hard for me to pay to stream my own files, and it's getting more and more closed source), UPnP is quite buggy, and I can't use NFS on iOS VLC as far as I am aware. So this leaves SMB ;)
So, from what I can gather from the VLC for Android git repository, it seems like VLC should be able to access SMB2 shares now. Ist this correct?
What would it take for libdsm to support SMB3? Would setting up a bounty help to implement this? Because I would be willing to pitch in for SMB3 support in VLC (for Android).
