svn commit: samba r21991 - in branches/SAMBA_3_0/source: include
lib libsmb smbd
Stefan (metze) Metzmacher
metze at samba.org
Fri Mar 30 09:09:17 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jeremy Allison schrieb:
>> What is the typical request sequence to establish the encryption context?
>
> trans2 setfsinfo.
what I was after was the request *sequence* from the start of the tcp
connect to the point where the client opens a file.
> No. The use case Steve bugged me about was the ability
> to have some shares (tid's) encrypted and some not on
> the same session. In this case encryption is a property
> of the tid, not the sessionid.
With this model your're not able to protect traffic of userB from userA.
So when you use the encryption context with credentials from userA
to encrypt traffic for one specific tid, then this could happen:
- - userA can read all traffic to the specific tid with wireshark
(when using krb5 userA just need to setup a keytab file with his
password and need to capture the SMB traffic together with the KRB5
AS-REQ/AS-REP and TGS-REQ/TGS-REP)
- - the same tid can be used when userB accesses the same share,
all whole traffic is visible to userA.
So I think it would be much better to use the vuid as enc-ctx,
but check for each call to a specific tid that the call was encrypted
or not. And maybe also allow plain requests with the vuid, or force the
client to create a new vuid for plain traffic.
And for the case vuid == enc-ctx we can better add a new session setup
variant instead of using a trans2 call.
metze
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
iD8DBQFGDNO9m70gjA5TCD8RAjj8AKCkn1vbC2YEe0Hz3Y9nIeAAFz2EJACfdA53
IAUY6ByuSf+u6E6mvhyFmyE=
=G1o4
-----END PGP SIGNATURE-----
More information about the samba-cvs
mailing list