[PATCH][SMB3.1.1] client support for signing negotiate context

Stefan Metzmacher metze at samba.org
Mon Jun 28 16:05:53 UTC 2021

Am 27.06.21 um 23:03 schrieb Steve French via samba-technical:
> Here is a WIP patch for negotiating optional signing negotiate context
> (which will allow negotiating faster GMAC packet signing if server
> supports it).  This patch handles enabling requesting it during
> negotiate protocol  (set module parm "enable_GMAC_signing" to 1) and
> parsing the negotiate protocol response.

Please drop the GMAC part and negotiate CMAC and HMAC-SHA256 for now.

The GMAC signing has a bug with Cancel PDUs in Windows 2022
(client and server use a different nonce, the client uses the MID of the original request, while sending a MID=0 on the wire,
then server uses MID=0 for the nonce and returns ACCESS_DENIED).


-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20210628/b9b6a054/OpenPGP_signature.sig>

More information about the samba-technical mailing list