The Samba-Bugzilla – Attachment 16796 Details for
Bug 14825
"{client,server} smb3 {signing,encryption} algorithms" should use the same strings as smbstatus output
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for 4.15 cherry-picked from master
bug14825-v415.patch (text/plain), 7.97 KB, created by
Ralph Böhme
on 2021-09-08 16:48:07 UTC
(
hide
)
Description:
Patch for 4.15 cherry-picked from master
Filename:
MIME Type:
Creator:
Ralph Böhme
Created:
2021-09-08 16:48:07 UTC
Size:
7.97 KB
patch
obsolete
>From a396255a8a85aa8c01e934c58ad5c597ee2db419 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Wed, 8 Sep 2021 15:10:14 +0200 >Subject: [PATCH] docs-xml: use upper case for "{client,server} smb3 > {signing,encryption} algorithms" values >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >This matches what smbstatus prints out. Note there's also the removal of >an '-' in "hmac-sha-256" => HMAC-SHA256". > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14825 >RN: "{client,server} smb3 {signing,encryption} algorithms" should use the same strings as smbstatus output > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Ralph Boehme <slow@samba.org> > >Autobuild-User(master): Ralph Böhme <slow@samba.org> >Autobuild-Date(master): Wed Sep 8 16:37:07 UTC 2021 on sn-devel-184 > >(cherry picked from commit 867c6ff9f3f28ab4bfa0cb1660889f3f5be0d111) >--- > .../security/clientsmbencryptionalgos.xml | 8 ++++---- > .../smbdotconf/security/clientsmbsigningalgos.xml | 10 +++++----- > .../security/serversmbencryptionalgos.xml | 8 ++++---- > .../smbdotconf/security/serversmbsigningalgos.xml | 10 +++++----- > lib/param/loadparm.h | 4 ++-- > libcli/smb/util.c | 14 +++++++------- > 6 files changed, 27 insertions(+), 27 deletions(-) > >diff --git a/docs-xml/smbdotconf/security/clientsmbencryptionalgos.xml b/docs-xml/smbdotconf/security/clientsmbencryptionalgos.xml >index 27da51ad625..78df3f909e9 100644 >--- a/docs-xml/smbdotconf/security/clientsmbencryptionalgos.xml >+++ b/docs-xml/smbdotconf/security/clientsmbencryptionalgos.xml >@@ -9,13 +9,13 @@ > <para>It is also possible to remove individual algorithms from the default list, > by prefixing them with '-'. This can avoid having to specify a hardcoded list. > </para> >- <para>Note: that the removal of aes-128-ccm from the list will result >+ <para>Note: that the removal of AES-128-CCM from the list will result > in SMB3_00 and SMB3_02 being unavailable, as it is the default and only > available algorithm for these dialects. > </para> > </description> > >-<value type="default">aes-128-gcm, aes-128-ccm, aes-256-gcm, aes-256-ccm</value> >-<value type="example">aes-256-gcm</value> >-<value type="example">-aes-128-gcm -aes-128-ccm</value> >+<value type="default">AES-128-GCM, AES-128-CCM, AES-256-GCM, AES-256-CCM</value> >+<value type="example">AES-256-GCM</value> >+<value type="example">-AES-128-GCM -AES-128-CCM</value> > </samba:parameter> >diff --git a/docs-xml/smbdotconf/security/clientsmbsigningalgos.xml b/docs-xml/smbdotconf/security/clientsmbsigningalgos.xml >index 1ad6c09626f..f7c61f3e661 100644 >--- a/docs-xml/smbdotconf/security/clientsmbsigningalgos.xml >+++ b/docs-xml/smbdotconf/security/clientsmbsigningalgos.xml >@@ -9,14 +9,14 @@ > <para>It is also possible to remove individual algorithms from the default list, > by prefixing them with '-'. This can avoid having to specify a hardcoded list. > </para> >- <para>Note: that the removal of aes-128-cmac from the list will result >- in SMB3_00 and SMB3_02 being unavailable, and the removal od hmac-sha-256 >+ <para>Note: that the removal of AES-128-CMAC from the list will result >+ in SMB3_00 and SMB3_02 being unavailable, and the removal of HMAC-SHA256 > will result in SMB2_02 and SMB2_10 being unavailable, as these are the default and only > available algorithms for these dialects. > </para> > </description> > >-<value type="default">aes-128-gmac, aes-128-cmac, hmac-sha-256</value> >-<value type="example">aes-128-cmac, hmac-sha-256</value> >-<value type="example">-aes-128-cmac</value> >+<value type="default">AES-128-GMAC, AES-128-CMAC, HMAC-SHA256</value> >+<value type="example">AES-128-CMAC, HMAC-SHA256</value> >+<value type="example">-AES-128-CMAC</value> > </samba:parameter> >diff --git a/docs-xml/smbdotconf/security/serversmbencryptionalgos.xml b/docs-xml/smbdotconf/security/serversmbencryptionalgos.xml >index 3217970d4e7..2dd2db98cc5 100644 >--- a/docs-xml/smbdotconf/security/serversmbencryptionalgos.xml >+++ b/docs-xml/smbdotconf/security/serversmbencryptionalgos.xml >@@ -9,13 +9,13 @@ > <para>It is also possible to remove individual algorithms from the default list, > by prefixing them with '-'. This can avoid having to specify a hardcoded list. > </para> >- <para>Note: that the removal of aes-128-ccm from the list will result >+ <para>Note: that the removal of AES-128-CCM from the list will result > in SMB3_00 and SMB3_02 being unavailable, as it is the default and only > available algorithm for these dialects. > </para> > </description> > >-<value type="default">aes-128-gcm, aes-128-ccm, aes-256-gcm, aes-256-ccm</value> >-<value type="example">aes-256-gcm</value> >-<value type="example">-aes-128-gcm -aes-128-ccm</value> >+<value type="default">AES-128-GCM, AES-128-CCM, AES-256-GCM, AES-256-CCM</value> >+<value type="example">AES-256-GCM</value> >+<value type="example">-AES-128-GCM -AES-128-CCM</value> > </samba:parameter> >diff --git a/docs-xml/smbdotconf/security/serversmbsigningalgos.xml b/docs-xml/smbdotconf/security/serversmbsigningalgos.xml >index e73d4f04242..7884e603b5b 100644 >--- a/docs-xml/smbdotconf/security/serversmbsigningalgos.xml >+++ b/docs-xml/smbdotconf/security/serversmbsigningalgos.xml >@@ -9,14 +9,14 @@ > <para>It is also possible to remove individual algorithms from the default list, > by prefixing them with '-'. This can avoid having to specify a hardcoded list. > </para> >- <para>Note: that the removal of aes-128-cmac from the list will result >- in SMB3_00 and SMB3_02 being unavailable, and the removal od hmac-sha-256 >+ <para>Note: that the removal of AES-128-CMAC from the list will result >+ in SMB3_00 and SMB3_02 being unavailable, and the removal of HMAC-SHA256 > will result in SMB2_02 and SMB2_10 being unavailable, as these are the default and only > available algorithms for these dialects. > </para> > </description> > >-<value type="default">aes-128-gmac, aes-128-cmac, hmac-sha-256</value> >-<value type="example">aes-128-cmac, hmac-sha-256</value> >-<value type="example">-aes-128-cmac</value> >+<value type="default">AES-128-GMAC, AES-128-CMAC, HMAC-SHA256</value> >+<value type="example">AES-128-CMAC, HMAC-SHA256</value> >+<value type="example">-AES-128-CMAC</value> > </samba:parameter> >diff --git a/lib/param/loadparm.h b/lib/param/loadparm.h >index a942eaf9472..a3331436229 100644 >--- a/lib/param/loadparm.h >+++ b/lib/param/loadparm.h >@@ -285,8 +285,8 @@ enum samba_weak_crypto { > #define DEFAULT_SMB2_MAX_TRANSACT (8*1024*1024) > #define DEFAULT_SMB2_MAX_CREDITS 8192 > >-#define DEFAULT_SMB3_SIGNING_ALGORITHMS "aes-128-gmac aes-128-cmac hmac-sha-256" >-#define DEFAULT_SMB3_ENCRYPTION_ALGORITHMS "aes-128-gcm aes-128-ccm aes-256-gcm aes-256-ccm" >+#define DEFAULT_SMB3_SIGNING_ALGORITHMS "AES-128-GMAC AES-128-CMAC HMAC-SHA256" >+#define DEFAULT_SMB3_ENCRYPTION_ALGORITHMS "AES-128-GCM AES-128-CCM AES-256-GCM AES-256-CCM" > > #define LOADPARM_EXTRA_LOCALS \ > int usershare; \ >diff --git a/libcli/smb/util.c b/libcli/smb/util.c >index 061f478c92d..e1c0f124236 100644 >--- a/libcli/smb/util.c >+++ b/libcli/smb/util.c >@@ -466,9 +466,9 @@ enum smb_encryption_setting smb_encryption_setting_translate(const char *str) > } > > static const struct enum_list enum_smb3_signing_algorithms[] = { >- {SMB2_SIGNING_AES128_GMAC, "aes-128-gmac"}, >- {SMB2_SIGNING_AES128_CMAC, "aes-128-cmac"}, >- {SMB2_SIGNING_HMAC_SHA256, "hmac-sha-256"}, >+ {SMB2_SIGNING_AES128_GMAC, "AES-128-GMAC"}, >+ {SMB2_SIGNING_AES128_CMAC, "AES-128-CMAC"}, >+ {SMB2_SIGNING_HMAC_SHA256, "HMAC-SHA256"}, > {-1, NULL} > }; > >@@ -488,10 +488,10 @@ const char *smb3_signing_algorithm_name(uint16_t algo) > } > > static const struct enum_list enum_smb3_encryption_algorithms[] = { >- {SMB2_ENCRYPTION_AES128_GCM, "aes-128-gcm"}, >- {SMB2_ENCRYPTION_AES128_CCM, "aes-128-ccm"}, >- {SMB2_ENCRYPTION_AES256_GCM, "aes-256-gcm"}, >- {SMB2_ENCRYPTION_AES256_CCM, "aes-256-ccm"}, >+ {SMB2_ENCRYPTION_AES128_GCM, "AES-128-GCM"}, >+ {SMB2_ENCRYPTION_AES128_CCM, "AES-128-CCM"}, >+ {SMB2_ENCRYPTION_AES256_GCM, "AES-256-GCM"}, >+ {SMB2_ENCRYPTION_AES256_CCM, "AES-256-CCM"}, > {-1, NULL} > }; > >-- >2.31.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=16796">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
metze
:
review+
Actions:
View
Attachments on
bug 14825
: 16796