[PATCH] smb encrypt - new value desired
Michael Adam
obnox at samba.org
Thu Jul 2 22:50:08 CEST 2015
On 2015-07-02 at 15:32 +0200, Michael Adam wrote:
> On 2015-07-01 at 23:29 +0200, Michael Adam wrote:
> > On 2015-07-01 at 18:22 +0200, Michael Adam wrote:
> > > On 2015-07-01 at 16:30 +0200, Michael Adam wrote:
> > > >
> > > > Update:
> > > >
> > > > The difference in behaviour is in treating a 'disobedient'
> > > > client that does not send encrypted requests although we
> > > > (the server) send ENCRYPT_DATA in tree connect or session
> > > > setup response.
> > > >
> > > > I just tested against windows.
> > > > Windows is generous in that it permits unencrypted request
> > > > packets, but sends encrypted responses.
> > > >
> > > > With the proposed patch we would be less generous and
> > > > deny unecrypted requests after having sent ENCRYPT_DATA.
> > > >
> > > > With Metze's proposed change, we would accept unencrypted
> > > > requests but without further changes send unencrypted
> > > > responses to those.
> > > >
> > > > I'll see what I can do regarding this last approach to
> > > > match windows behaviour more exactly...
> > >
> > > Attached find an updated patchset that implements the
> > > exact windows behaviour described above.
> > > It is not sooo big after all. Maybe we can take and
> > > backport it.
> > >
> > > Feedback/Review welcome!
> >
> > Oh, apparently it is not complete yet. :-/
> > Some tests fail with this patchset.
>
> Attached is the new version of this patchset.
> It now survives all smb2 related tests.
> I am currently running a full autobuild for verification.
Update: it survives complete autobuild.
> The only issue that needs resolution is the
> addition of encryption desired to
> smbXsrv_session->global and smbXsrv_tcon->global.
> Currently I have inserted them in the logically
> best place (imho), but with respect to alignment
> and structure size we may need another solution.
>
> Apart from this, I think the patchset should be good.
>
> Comments welcome!
>
> Cheers - Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150702/cf50e90e/attachment.pgp>
More information about the samba-technical
mailing list