encrypt the tcon itself if seal requested on mount and set encryption support for 3.11 properly
Steve French
smfrench at gmail.com
Sun Apr 22 23:21:41 UTC 2018
Version 3 of patch attached (works to Samba and Windows with 3.11)
On Sun, Apr 22, 2018 at 10:44 AM, Steve French <smfrench at gmail.com> wrote:
> Needed to add one additional minor change for Samba (samba server
> doesn't allow the two byte pad at the end of the negotiate context
> that was the result of removing one of the ciphers and returned an
> error on SMB311 negprot
>
> I need to add:
>
> diff --git a/fs/cifs/smb2pdu.h b/fs/cifs/smb2pdu.h
> index 6093e5142b2b..d28f358022c5 100644
> --- a/fs/cifs/smb2pdu.h
> +++ b/fs/cifs/smb2pdu.h
> @@ -297,7 +297,7 @@ struct smb2_encryption_neg_context {
> __le16 DataLength;
> __le32 Reserved;
> __le16 CipherCount; /* AES-128-GCM and AES-128-CCM */
> - __le16 Ciphers[2]; /* Ciphers[0] since only one used now */
> + __le16 Ciphers[1]; /* Ciphers[0] since only one used now */
> } __packed;
>
> struct smb2_negotiate_rsp {
> sfrench at Ubuntu-17-Virtual-Ma
>
> On Sat, Apr 21, 2018 at 12:04 PM, Steve French <smfrench at gmail.com> wrote:
>> Any extra testing would be appreciated of this - I tried to Windows
>> 2016 with and without encrypted share and also to Samba 4.7
>>
>> On Fri, Apr 20, 2018 at 11:55 PM, Steve French <smfrench at gmail.com> wrote:
>>> On Fri, Apr 20, 2018 at 7:14 PM, Pavel Shilovsky <piastryyy at gmail.com> wrote:
>>>> Looks good. Please also fix the encryption negotiate context:
>>>
>>> Fixed. Disabled AES-128GCM. See attached.
>>>
>>> Seems to work ok to Windows 3.11 now, and SMB3 tconx is also now
>>> encrypted if "seal" chosen on mount - tried it to Windows 2016 and to
>>> Samba 4.7
>>>
>>> Main remaining problem that I see is smb3.11 reconnect (it looks like
>>> we are clearing the hash - but must be missing something)
>>> --
>>> Thanks,
>>>
>>> Steve
>>
>>
>>
>> --
>> Thanks,
>>
>> Steve
>
>
>
> --
> Thanks,
>
> Steve
--
Thanks,
Steve
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-SMB3-Fix-3.11-encryption-to-Windows-and-handle-encry.patch
Type: text/x-patch
Size: 3907 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20180422/a81e91c5/0001-SMB3-Fix-3.11-encryption-to-Windows-and-handle-encry.bin>
More information about the samba-technical
mailing list