[PATCH] smb encrypt - new value desired

Guenther Deschner gd at samba.org
Tue Jul 7 13:01:49 CEST 2015 

Hi Michael,

LGTM. RB+ and pushed to autobuild.

Thanks,
Guenther

On 07/07/15 01:04, Michael Adam wrote:
> On 2015-07-02 at 15:32 +0200, Michael Adam wrote:
>> On 2015-07-01 at 23:29 +0200, Michael Adam wrote:
>>> On 2015-07-01 at 18:22 +0200, Michael Adam wrote:
>>>> On 2015-07-01 at 16:30 +0200, Michael Adam wrote:
>>>>>
>>>>> Update:
>>>>>
>>>>> The difference in behaviour is in treating a 'disobedient'
>>>>> client that does not send encrypted requests although we
>>>>> (the server) send ENCRYPT_DATA in tree connect or session
>>>>> setup response.
>>>>>
>>>>> I just tested against windows.
>>>>> Windows is generous in that it permits unencrypted request
>>>>> packets, but sends encrypted responses.
>>>>>
>>>>> With the proposed patch we would be less generous and
>>>>> deny unecrypted requests after having sent ENCRYPT_DATA.
>>>>>
>>>>> With Metze's proposed change, we would accept unencrypted
>>>>> requests but without further changes send unencrypted
>>>>> responses to those.
>>>>>
>>>>> I'll see what I can do regarding this last approach to
>>>>> match windows behaviour more exactly...
>>>>
>>>> Attached find an updated patchset that implements the
>>>> exact windows behaviour described above.
>>>> It is not sooo big after all. Maybe we can take and
>>>> backport it.
>>>>
>>>> Feedback/Review welcome!
>>>
>>> Oh, apparently it is not complete yet. :-/
>>> Some tests fail with this patchset.
>>
>> Attached is the new version of this patchset.
>> It now survives all smb2 related tests.
>> I am currently running a full autobuild for verification.
>>
>> The only issue that needs resolution is the
>> addition of encryption desired to
>> smbXsrv_session->global and smbXsrv_tcon->global.
>> Currently I have inserted them in the logically
>> best place (imho), but with respect to alignment
>> and structure size we may need another solution.
>>
>> Apart from this, I think the patchset should be good.
> 
> Attached is the (hopefully final) updated patchset.
> It fixes the abovementioned issue by putting the
> encryption_desired variable not into smbXsrv_session|tcon->global
> but into smbXsrv_session|tcon directly so that it
> does not get marshalled and put to disk.
> 
> Review/comments welcome.
> 
> Michael
> 


-- 
Günther Deschner                    GPG-ID: 8EE11688
Red Hat                         gdeschner at redhat.com
Samba Team                              gd at samba.org

More information about the samba-technical mailing list