encrypt the tcon itself if seal requested on mount and set encryption support for 3.11 properly
Steve French
smfrench at gmail.com
Sun Apr 22 15:44:59 UTC 2018
Needed to add one additional minor change for Samba (samba server
doesn't allow the two byte pad at the end of the negotiate context
that was the result of removing one of the ciphers and returned an
error on SMB311 negprot
I need to add:
diff --git a/fs/cifs/smb2pdu.h b/fs/cifs/smb2pdu.h
index 6093e5142b2b..d28f358022c5 100644
--- a/fs/cifs/smb2pdu.h
+++ b/fs/cifs/smb2pdu.h
@@ -297,7 +297,7 @@ struct smb2_encryption_neg_context {
__le16 DataLength;
__le32 Reserved;
__le16 CipherCount; /* AES-128-GCM and AES-128-CCM */
- __le16 Ciphers[2]; /* Ciphers[0] since only one used now */
+ __le16 Ciphers[1]; /* Ciphers[0] since only one used now */
} __packed;
struct smb2_negotiate_rsp {
sfrench at Ubuntu-17-Virtual-Ma
On Sat, Apr 21, 2018 at 12:04 PM, Steve French <smfrench at gmail.com> wrote:
> Any extra testing would be appreciated of this - I tried to Windows
> 2016 with and without encrypted share and also to Samba 4.7
>
> On Fri, Apr 20, 2018 at 11:55 PM, Steve French <smfrench at gmail.com> wrote:
>> On Fri, Apr 20, 2018 at 7:14 PM, Pavel Shilovsky <piastryyy at gmail.com> wrote:
>>> Looks good. Please also fix the encryption negotiate context:
>>
>> Fixed. Disabled AES-128GCM. See attached.
>>
>> Seems to work ok to Windows 3.11 now, and SMB3 tconx is also now
>> encrypted if "seal" chosen on mount - tried it to Windows 2016 and to
>> Samba 4.7
>>
>> Main remaining problem that I see is smb3.11 reconnect (it looks like
>> we are clearing the hash - but must be missing something)
>> --
>> Thanks,
>>
>> Steve
>
>
>
> --
> Thanks,
>
> Steve
--
Thanks,
Steve
More information about the samba-technical
mailing list