[cifs-protocol] [REG:112080864018345] SMB3 encryption over multiple requests
Stefan (metze) Metzmacher
metze at samba.org
Wed Aug 22 08:18:48 MDT 2012
Hi Edgar,
thanks for the answers, I have some more questions inline.
> What about async responses with STATUS_PENDING, are they also encrypted?
>
> [Answer]
> Yes. The exceptions that are not encrypted are SMB2 NEGOTIATE, SMB2 SESSION_SETUP or SMB2 TREE_CONNECT as documented in 3.2.4.1.8 Encrypting the Message, 3.3.4.1.4 Encrypting the Message.
Windows doesn't complain if the client encrypt SESSION_SETUP (for
reauth/or channel bind) and TREE_CONNECTS.
> How does it work, when the last request in a compound chain goes async?
>
> [Answer]
> There is no change of processing rules for the encryption due to the last request in a compounded chain going async.
>
> Are Oplock/Lease Break Notifications encrypted?
>
> [Answer] Yes, see previous answer and references.
For Oplocks the server known the session from the file_id,
but what session is used for leases?
To my understanding a lease key can be shared between sessions, is that
correct?
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20120822/4edfba8e/attachment.pgp>
More information about the cifs-protocol
mailing list