** Description changed:

  [Impact]

  For Bionic release, current cifs-utils package version is 6.8-1. This version is missing below two commits
  https://git.samba.org/?p=cifs-utils.git;a=commit;h=74a1ced5f706ea6a9cab885693c7755657b81a2a
  https://git.samba.org/?p=cifs-utils.git;a=commit;h=6df98da5cd3fbb33f6f535c6784f037bbadadb84

  * Without above feature, we won’t be able to analyze most part of network traces on a client side in case customers have problems accessing Azure Files service from VMs running Ubuntu Bionic.

  [Test Case]

  * Setup an ubuntu vm, of the release you are going to test

  * Install the packages:
  sudo apt update
  sudo apt install samba cifs-utils -y

  * With the new cifs-utils package, you should have the smbinfo command available:
  ubuntu@bionic-smbinfo:~$ smbinfo
  Usage: smbinfo [-v] [-V] <command> <file>
  Try 'smbinfo -h' for more information.

  * To test the extraction of encryption keys, the HWE kernel in the case of bionic (or another kernel version 5 or higher) must be installed (focal already has the right kernel version, so no change needed there):
  sudo apt install linux-image-generic-hwe-18.04

  * Reboot into the new kernel if you were on an older one, like in bionic:
  sudo reboot

  * Setup a share:
  echo -e "[myshare]\npath=/myshare\n" | sudo tee -a /etc/samba/smb.conf
  sudo mkdir /myshare
  echo "Hello World" | sudo tee /myshare/hello.txt

  * Create a samba user ubuntu, with a password of your choice (you will be prompted for it):
  sudo smbpasswd -a ubuntu

  * Mount the new share with encryption options:
  ubuntu@bionic-smbinfo:~$ sudo mount //localhost/myshare /mnt -o seal,user=ubuntu
  Password for ubuntu@//localhost/myshare: ******

  * Confirm with smbstatus that the connection is encrypted:
  ubuntu@bionic-smbinfo:~$ sudo smbstatus

  Samba version 4.7.6-Ubuntu
  PID     Username     Group        Machine                                   Protocol Version  Encryption           Signing
  ----------------------------------------------------------------------------------------------------------------------------------------
  4516    ubuntu       ubuntu       127.0.0.1 (ipv4:127.0.0.1:45794)          SMB3_11           partial(AES-128-CCM) partial(AES-128-CMAC)

  Service      pid     Machine       Connected at                     Encryption   Signing
  ---------------------------------------------------------------------------------------------
  IPC$         4516    127.0.0.1     Thu Sep 10 20:41:14 2020 UTC     AES-128-CCM  AES-128-CMAC
  myshare      4516    127.0.0.1     Thu Sep 10 20:41:14 2020 UTC     AES-128-CCM  AES-128-CMAC

  No locked files

  * Obtain the encryption keys:
  ubuntu@bionic-smbinfo:~$ sudo smbinfo keys /mnt/hello.txt
  CCM encryption
  Session Id: b6 4c 21 8f 00 00 00 00
  Session Key: 42 26 cf 6d d1 55 c7 80 b4 27 10 c2 a8 d2 26 31
  Server Encryption Key: c9 37 6c 10 14 0e 1f f6 ea c7 5e d7 e0 76 79 a7
  Server Decryption Key: 97 4e 2e 99 ec 27 66 a4 95 b5 a4 f9 8c 17 c7 ee

  * There are many other subcommands available in smbinfo. For a list, run:
  smbinfo -h

  [Regression Potential]

  These patches cherry pick and touch 2 files : smbinfo.c and smbinfo.rst. They add the smbinfo utility which is required for the 2 commits mentioned in the <Impact> section. Since smbinfo does not interact with the rest of the code any regression potential would involve smbinfo itself.

  [Other]

- The smbinfo utility to work properly requires kernel >5.0 and the
- 'keys' command which is the one used for dumping session id, encryption
- and decryption keys requires kernel > 5.4.
+ The smbinfo utility to work properly requires kernel >5.0 and the 'keys' command which is the one used for dumping session id, encryption and decryption keys requires kernel > 5.4.
+ For Bionic the backport includes some extra functionalities from smbinfo, apart from the 'keys' command which dumps the encryption and decryption keys. The rational behind this is that smbinfo is a standalone utility and backporting just the required commits could introduce the risk of adding bugs in the process.
+ For Focal the (extra) compression commands are backported to be in line with Bionic.
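
Review bot: The added [Other] text says the 'keys' command requires kernel > 5.4, but the unchanged [Test Case] step for key extraction only asks for the HWE kernel "or another kernel version 5 or higher", so the two stated minimums disagree, and "> 5.4" read literally excludes a 5.4 kernel. State one minimum version in both places and make clear whether it is inclusive (for example ">= 5.4" if a 5.4 kernel is sufficient). In the second added line, "rational" should be "rationale".
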
--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1886551

Title:
  wireshark trace decryption

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cifs-utils/+bug/1886551/+subscriptions

--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
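
Added example, not part of the bug report or of cifs-utils: a small shell helper that checks the `smbinfo keys` output from the test case and normalises it to compact hex, so a truncated or malformed dump is caught before it is used for trace analysis. The function name `parse_smbinfo_keys`, the output field names, and the 16-byte key length (AES-128, as in the smbstatus output above) are assumptions.

```shell
#!/bin/sh
# Added example (not part of cifs-utils): turn `smbinfo keys` output into
# compact name=hex lines and reject truncated or malformed fields.
# Assumption: AES-128 sessions as shown in the report, so keys are 16 bytes.

# Sample input: the `smbinfo keys` output quoted in the bug description.
sample_keys_output() {
cat <<'EOF'
CCM encryption
Session Id: b6 4c 21 8f 00 00 00 00
Session Key: 42 26 cf 6d d1 55 c7 80 b4 27 10 c2 a8 d2 26 31
Server Encryption Key: c9 37 6c 10 14 0e 1f f6 ea c7 5e d7 e0 76 79 a7
Server Decryption Key: 97 4e 2e 99 ec 27 66 a4 95 b5 a4 f9 8c 17 c7 ee
EOF
}

# Hypothetical helper: reads smbinfo output on stdin, exits non-zero on error.
parse_smbinfo_keys() {
    awk -F': *' '
    BEGIN {
        name["Session Id"] = "session_id";                want["session_id"] = 8
        name["Session Key"] = "session_key";              want["session_key"] = 16
        name["Server Encryption Key"] = "server_enc_key"; want["server_enc_key"] = 16
        name["Server Decryption Key"] = "server_dec_key"; want["server_dec_key"] = 16
    }
    # Join space-separated byte pairs; return "" if any token is not a hex byte.
    function hex(s,    n, i, p, out) {
        n = split(s, p, " ")
        for (i = 1; i <= n; i++) {
            if (p[i] !~ /^[0-9A-Fa-f][0-9A-Fa-f]$/) return ""
            out = out tolower(p[i])
        }
        return out
    }
    / encryption$/ { split($0, w, " "); print "cipher=" w[1]; next }
    ($1 in name) {
        k = name[$1]; v = hex($2)
        if (length(v) != 2 * want[k]) {
            print "unexpected length or content in: " $1 > "/dev/stderr"
            bad = 1; next
        }
        print k "=" v; seen++
    }
    END { if (bad || seen != 4) exit 1 }
    '
}

# Real use on the mounted share from the test case (output is key material):
#   sudo smbinfo keys /mnt/hello.txt | parse_smbinfo_keys
sample_keys_output | parse_smbinfo_keys
```

The output contains live session key material, so write it only to a file readable by the analyst and delete it when the trace has been examined.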
