encrypt the tcon itself if seal requested on mount and set encryption support for 3.11 properly

Steve French smfrench at gmail.com
Sun Apr 22 23:21:41 UTC 2018 

Version 3 of patch attached (works to Samba and Windows with 3.11)



On Sun, Apr 22, 2018 at 10:44 AM, Steve French <smfrench at gmail.com> wrote:
> Needed to add one additional minor change for Samba (samba server
> doesn't allow the two byte pad at the end of the negotiate context
> that was the result of removing one of the ciphers and returned an
> error on SMB311 negprot
>
> I need to add:
>
> diff --git a/fs/cifs/smb2pdu.h b/fs/cifs/smb2pdu.h
> index 6093e5142b2b..d28f358022c5 100644
> --- a/fs/cifs/smb2pdu.h
> +++ b/fs/cifs/smb2pdu.h
> @@ -297,7 +297,7 @@ struct smb2_encryption_neg_context {
>         __le16  DataLength;
>         __le32  Reserved;
>         __le16  CipherCount; /* AES-128-GCM and AES-128-CCM */
> -       __le16  Ciphers[2]; /* Ciphers[0] since only one used now */
> +       __le16  Ciphers[1]; /* Ciphers[0] since only one used now */
>  } __packed;
>
>  struct smb2_negotiate_rsp {
> sfrench at Ubuntu-17-Virtual-Ma
>
> On Sat, Apr 21, 2018 at 12:04 PM, Steve French <smfrench at gmail.com> wrote:
>> Any extra testing would be appreciated of this - I tried to Windows
>> 2016 with and without encrypted share and also to Samba 4.7
>>
>> On Fri, Apr 20, 2018 at 11:55 PM, Steve French <smfrench at gmail.com> wrote:
>>> On Fri, Apr 20, 2018 at 7:14 PM, Pavel Shilovsky <piastryyy at gmail.com> wrote:
>>>> Looks good. Please also fix the encryption negotiate context:
>>>
>>>  Fixed. Disabled AES-128GCM.  See attached.
>>>
>>> Seems to work ok to Windows 3.11 now, and SMB3 tconx is also now
>>> encrypted if "seal" chosen on mount - tried it to Windows 2016 and to
>>> Samba 4.7
>>>
>>> Main remaining problem that I see is smb3.11 reconnect (it looks like
>>> we are clearing the hash - but must be missing something)
>>> --
>>> Thanks,
>>>
>>> Steve
>>
>>
>>
>> --
>> Thanks,
>>
>> Steve
>
>
>
> --
> Thanks,
>
> Steve



-- 
Thanks,

Steve
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-SMB3-Fix-3.11-encryption-to-Windows-and-handle-encry.patch
Type: text/x-patch
Size: 3907 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20180422/a81e91c5/0001-SMB3-Fix-3.11-encryption-to-Windows-and-handle-encry.bin>

More information about the samba-technical mailing list