svn commit: samba r21991 - in branches/SAMBA_3_0/source: include lib libsmb smbd

Andrew Bartlett abartlet at samba.org
Fri Mar 30 09:25:54 GMT 2007


On Fri, 2007-03-30 at 11:09 +0200, Stefan (metze) Metzmacher wrote:
> Jeremy Allison wrote:
> >> What is the typical request sequence to establish the encryption context?
> > 
> > trans2 setfsinfo.
> 
> what I was after was the request *sequence* from the start of the tcp
> connect to the point where the client opens a file.
> 
> > No. The use case Steve bugged me about was the ability 
> > to have some shares (tid's) encrypted and some not on
> > the same session. In this case encryption is a property
> > of the tid, not the sessionid.
> 
> With this model you're not able to protect traffic of userB from userA.
> 
> So when you use the encryption context with credentials from userA
> to encrypt traffic for one specific tid, then this could happen:
> 
> - userA can read all traffic to the specific tid with wireshark
>   (when using krb5 userA just needs to set up a keytab file with his
>    password and needs to capture the SMB traffic together with the KRB5
>    AS-REQ/AS-REP and TGS-REQ/TGS-REP)
> 
> - the same tid can be used when userB accesses the same share,
>   and the whole traffic is visible to userA.
> 
> So I think it would be much better to use the vuid as enc-ctx,
> but check for each call to a specific tid that the call was encrypted
> or not. And maybe also allow plain requests with the vuid, or force the
> client to create a new vuid for plain traffic.

Jeremy and I discussed this on IRC, and we basically agreed that we
needed to tie it to the VUID, for this kind of reason.

> And for the case vuid == enc-ctx we can better add a new session setup
> variant instead of using a trans2 call.

I agree that the trans2 stuff is ugly, but at least it is in an already
reserved space in the protocol.  Whatever we do, we should continue to
allow a re-key model (despite the issues it then has with credentials
expiring/passwords changing).

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
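The argument in the thread (a context hung off the tid is keyed by whichever user set it up, so that user can recover every other user's traffic on that tid, whereas a context hung off the vuid is per-user, with the "must be encrypted" property checked per tid) as an added toy model. This is example code written for this page, not code from the thread or from the Samba tree; the Server class, the tid/vuid allocation, the HMAC-based key derivation and keystream, the user secrets and the request text are all assumptions made for illustration, and neither the SMB wire format nor the real GSSAPI/krb5 key derivation is modelled.

```python
# Added example, not Samba code: toy model of keying the encryption context by
# tid versus by vuid. All names and secrets below are assumptions for illustration.
import hashlib
import hmac

DIGEST = hashlib.sha256().digest_size
REQUEST = b"open /data/payroll.xls"   # constructed sample request


def derive_key(user_secret: bytes, ctx_label: bytes) -> bytes:
    """Toy stand-in for the key a user's credential yields for a context.
    Anyone holding user_secret (the user himself, via his keytab) can redo this."""
    return hmac.new(user_secret, ctx_label, hashlib.sha256).digest()


def stream_xor(key: bytes, seq: int, data: bytes) -> bytes:
    """Toy counter-mode keystream (HMAC as PRF); the same call encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), DIGEST):
        ks = hmac.new(key, seq.to_bytes(8, "big") + off.to_bytes(8, "big"),
                      hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + DIGEST], ks))
    return bytes(out)


class Server:
    """keying is 'tid' (context is a property of the tree connect)
    or 'vuid' (context is a property of the session)."""

    def __init__(self, keying: str, secrets: dict):
        if keying not in ("tid", "vuid"):
            raise ValueError(keying)
        self.keying = keying
        self.secrets = secrets          # user -> secret (assumed credential material)
        self.sessions = {}              # vuid -> user
        self.trees = {}                 # tid -> share
        self.contexts = {}              # context label -> key
        self.encrypted_tids = set()     # tids on which plain calls are refused

    def session_setup(self, user: str) -> int:
        vuid = 100 + len(self.sessions)
        self.sessions[vuid] = user
        return vuid

    def tree_connect(self, vuid: int, share: str) -> int:
        tid = 1 + len(self.trees)
        self.trees[tid] = share
        return tid

    def ctx_label(self, vuid: int, tid: int) -> bytes:
        return b"tid:%d" % tid if self.keying == "tid" else b"vuid:%d" % vuid

    def setup_encryption(self, vuid: int, tid: int) -> bytes:
        """Establish the context with the calling session's credential and mark
        the tid as encryption-required. Under tid keying a second user reuses
        the context the first user created (setdefault keeps the first key)."""
        label = self.ctx_label(vuid, tid)
        self.contexts.setdefault(label, derive_key(self.secrets[self.sessions[vuid]], label))
        self.encrypted_tids.add(tid)
        return label

    def handle(self, vuid: int, tid: int, wire: bytes, encrypted: bool, seq: int) -> str:
        """Per-call check: a tid flagged as encrypted refuses plain requests."""
        if tid in self.encrypted_tids and not encrypted:
            return "REJECTED: plain request on encrypted tid"
        if not encrypted:
            return wire.decode()
        key = self.contexts.get(self.ctx_label(vuid, tid))
        if key is None:
            return "REJECTED: no encryption context for this call"
        return stream_xor(key, seq, wire).decode(errors="replace")


def what_user_a_sees(keying: str) -> str:
    """userA captures the wire and redoes the key derivation from his own secret.
    Returns what he recovers of userB's request on the shared tid."""
    secrets = {"userA": b"secret-of-A", "userB": b"secret-of-B"}
    srv = Server(keying, secrets)
    vuid_a = srv.session_setup("userA")
    tid = srv.tree_connect(vuid_a, "data")
    srv.setup_encryption(vuid_a, tid)              # userA switches the share to encrypted
    vuid_b = srv.session_setup("userB")
    label_b = srv.setup_encryption(vuid_b, tid)    # userB on the same tid
    key_b = srv.contexts[label_b]                  # the client side holds the negotiated key
    seq = 7
    wire = stream_xor(key_b, seq, REQUEST)
    if srv.handle(vuid_b, tid, wire, True, seq) != REQUEST.decode():
        raise RuntimeError("server failed to decrypt userB's request")
    guessed = derive_key(secrets["userA"], label_b)   # userA's keytab replay
    return stream_xor(guessed, seq, wire).decode(errors="replace")


def plain_call_on_encrypted_tid() -> str:
    """The per-tid check from the thread: plain traffic on an encrypted tid is refused."""
    srv = Server("vuid", {"userA": b"secret-of-A"})
    vuid = srv.session_setup("userA")
    tid = srv.tree_connect(vuid, "data")
    srv.setup_encryption(vuid, tid)
    return srv.handle(vuid, tid, REQUEST, False, 1)


if __name__ == "__main__":
    print("tid keying, userA recovers :", what_user_a_sees("tid"))
    print("vuid keying, userA recovers:", what_user_a_sees("vuid"))
    print("plain call on encrypted tid:", plain_call_on_encrypted_tid())
```

With `keying="tid"` the second `setup_encryption` finds the context userA created and userB's request is encrypted under a key userA can re-derive; with `keying="vuid"` userB gets his own context and userA's replayed derivation yields garbage. The `handle` check is what lets the "encrypted or not" property stay per tid even though the key lives on the vuid.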