From: "Stefan (metze) Metzmacher" <metze-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>
To: Shirish Pargaonkar
	<shirishpargaonkar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Cc: linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [PATCH 30/45] CIFS: Enable signing in SMB2
Date: Wed, 22 Aug 2012 15:46:06 +0200
Message-ID: <5034E29E.7030006@samba.org>
In-Reply-To: <CADT32e+4DSN=CSCbL+8GoRePknpD3X0HSq1hjVsXf3KHXQcmTw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>


Hi Shirish,

> On Tue, Aug 21, 2012 at 2:35 AM, Stefan Metzmacher <metze-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org> wrote:
>> Hi Pavel,
>>
>>> Use hmac-sha256 rather than hmac-md5 that is used for CIFS/SMB.
>>>
>>> Signature field in SMB2 header is 16 bytes instead of 8 bytes.
>>
>> Sorry for the late reply, I just found a reference to this patch...
>>
>> To me it seems that this patch doesn't take care of the fact that
>> the signing key in SMB2/3 belongs to the session and not to the transport
>> connection.
> 
> metze, where do you see that?  This is the signing key that is used to generate
> signature, server->session_key.response.

And 'server' is a per-connection state, not per-session...
which is OK for SMB1 but not for SMB2.

>> Does the SMB2 code support multiuser mounts yet?
>>
>> Why are you using some "BSRSPYL " magic? I only saw that from Windows
>> clients
>> using SMB1. (Note: that servers just echo the signature from the
>> request, if they don't do signing).
> 
> IIRC, Jeff Layton added that code to encode BSRSPYL magic (string).
> I could be wrong, it has been a while.
> But, I do think this is a problem, signature in a smb message is not even
> checked till key exchange handshake is session setup is done, right?

A session setup response with STATUS_SUCCESS is the first signed message.
Before that the server just echoes what the client sends.

For SMB1, Windows clients (and smbclient) send BSRSPYL if they would like to
turn on signing later. But for SMB2, Windows and Samba send just zeros,
which cifs.ko should also do.

metze
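
The two points raised in this message, shown as an added example that is not part of the original e-mail or of cifs.ko: the signing key is looked up by the SessionId in the SMB2 header, and an unsigned request carries sixteen zero bytes in the Signature field. The function names, the session ids and the keys are hypothetical and constructed; the HMAC-SHA256 truncated to 16 bytes is the scheme named in the patch description.

```python
import hashlib
import hmac
import struct

# Field offsets in the 64-byte SMB2 header.
FLAGS_OFF, SESSION_OFF, SIG_OFF, SIG_LEN = 16, 40, 48, 16
SMB2_FLAGS_SIGNED = 0x00000008

def build_header(session_id, message_id, command=0x0001):
    """Constructed SMB2 header; Signature is all zeros, as for an unsigned request."""
    return struct.pack("<4sHHIHHIIQIIQ16s", b"\xfeSMB", 64, 0, 0, command, 1,
                       0, 0, message_id, 0, 0, session_id, bytes(SIG_LEN))

def _mac(key, msg):
    # The MAC covers the whole message with the Signature field zeroed.
    zeroed = msg[:SIG_OFF] + bytes(SIG_LEN) + msg[SIG_OFF + SIG_LEN:]
    return hmac.new(key, zeroed, hashlib.sha256).digest()[:SIG_LEN]

def sign(session_keys, msg):
    """Sign with the key of the session named in the header, not a connection-wide key."""
    sid, = struct.unpack_from("<Q", msg, SESSION_OFF)
    flags, = struct.unpack_from("<I", msg, FLAGS_OFF)
    buf = bytearray(msg)
    struct.pack_into("<I", buf, FLAGS_OFF, flags | SMB2_FLAGS_SIGNED)
    buf[SIG_OFF:SIG_OFF + SIG_LEN] = _mac(session_keys[sid], bytes(buf))
    return bytes(buf)

def verify(session_keys, msg):
    flags, = struct.unpack_from("<I", msg, FLAGS_OFF)
    if not flags & SMB2_FLAGS_SIGNED:
        return False  # unsigned: the Signature field authenticates nothing
    sid, = struct.unpack_from("<Q", msg, SESSION_OFF)
    key = session_keys.get(sid)
    if key is None:
        return False
    return hmac.compare_digest(_mac(key, msg), msg[SIG_OFF:SIG_OFF + SIG_LEN])

def demo():
    """Two sessions share one connection; returns (per-session ok, per-connection ok)."""
    keys = {0x11: b"A" * 16, 0x22: b"B" * 16}      # constructed per-session keys
    signed = sign(keys, build_header(0x22, 5) + b"constructed payload")
    per_connection = {0x11: keys[0x11], 0x22: keys[0x11]}  # one key for every session
    return verify(keys, signed), verify(per_connection, signed)

if __name__ == "__main__":
    print(demo())
```

With one key held per connection, the message from the second session fails verification, which is the multiuser-mount case asked about above.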

