Re: Support SMB encryption

Wed, 22 Nov 2017 06:28:41 -0800 

On Mon, 2017-11-06 at 12:36 +0100, Bastien Nocera wrote:
> On Mon, 2017-11-06 at 12:26 +0100, Bastien Nocera wrote:
> > On Fri, 2017-11-03 at 02:39 +0000, Peter Keresztes Schmidt wrote:
> > > Hi all,
> > > 
> > > I'm not sure if this was already discussed, at least I couldn't
> > > find
> > > anything related.
> > > 
> > > Are there any attempts to support encryption with the SMB
> > > backend?
> > > Browsing a bit around in the source I'd assume something around
> > > 
> > > diff --git a/daemon/gvfsbackendsmb.c b/daemon/gvfsbackendsmb.c
> > > index 9040a9cb..6ffdddb9 100644
> > > --- a/daemon/gvfsbackendsmb.c
> > > +++ b/daemon/gvfsbackendsmb.c
> > > @@ -417,6 +417,8 @@ do_mount (GVfsBackend *backend,
> > >                                         op_backend->user !=
> > > NULL);
> > >    smbc_setOptionNoAutoAnonymousLogin (smb_context, TRUE);
> > >  
> > > +  smbc_setOptionSmbEncryptionLevel(smb_context,
> > > SMBC_ENCRYPTLEVEL_REQUEST);
> > > +
> > >    if (!smbc_init_context (smb_context))
> > >      {
> > >        g_vfs_job_failed (G_VFS_JOB (job),
> > > 
> > > 
> > > should do the trick. It'd be great if somebody could look into
> > > this
> > > since now everything is transported unencrypted over the wire
> > > even
> > > if
> > > the server supports encryption.
> > 
> > Is there any particular reason why you didn't test this change?
> > After
> > compiling gvfs, you should be able to run the gvfsd-smb daemon
> > without
> > installing it using:
> > ./gvfsd-smb server=[server ip address or hostname] share=[name of
> > the
> > share]
> > 
> > Testing against a few servers and reporting your results would go a
> > long way.
> > 
> > When that's done, you can probably file a bug against gvfs to
> > request
> > this change.
> 
> My cursory testing against a single server (my NAS) doesn't make the
> mount fail, though I'm not sure how to assert that it's using
> encryption other than snooping on the wire and checking whether I
> can,
> for example, read a text file in the clear.

I filed https://bugzilla.gnome.org/show_bug.cgi?id=790711

Cheers
_______________________________________________
gvfs-list mailing list
gvfs-list@gnome.org
https://mail.gnome.org/mailman/listinfo/gvfs-list

Reply via email to