[Yakkety][PULL] CIFS: Enable encryption for SMB3

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Yakkety][PULL] CIFS: Enable encryption for SMB3

Joseph Salisbury-3
There has been work upstream to enable encryption support for SMB3
connections. This is a particularly valuable (and commonly requested)
feature with the Azure Files service as encryption is required to connect
to an Azure Files storage share from on-prem or from a different Azure region.

BugLink: http://bugs.launchpad.net/bugs/1670508

The following changes since commit 1b11947c43f0f91b5a05a5faaa504611f7c0bbcb:

  UBUNTU: Ubuntu-4.8.0-41.44 (2017-03-03 13:08:42 +0100)

are available in the git repository at:

  kernel.ubuntu.com:/srv/kernel.ubuntu.com/git/jsalisbury/bugs/lp1670508/ubuntu-yakkety.git

for you to fetch changes up to db0b8c4cd884cd96bc7fff807452cdeef6e4e72c:

  CIFS: Fix possible use after free in demultiplex thread (2017-03-27 11:19:17 -0400)

----------------------------------------------------------------
Jean Delvare (3):
      cifs: Simplify SMB2 and SMB311 dependencies
      cifs: Only select the required crypto modules
      cifs: Add soft dependencies

Pavel Shilovsky (16):
      CIFS: Separate SMB2 header structure
      CIFS: Make SendReceive2() takes resp iov
      CIFS: Make send_cancel take rqst as argument
      CIFS: Send RFC1001 length in a separate iov
      CIFS: Separate SMB2 sync header processing
      CIFS: Separate RFC1001 length processing for SMB2 read
      CIFS: Add capability to transform requests before sending
      CIFS: Enable encryption during session setup phase
      CIFS: Encrypt SMB3 requests before sending
      CIFS: Add transform header handling callbacks
      CIFS: Add mid handle callback
      CIFS: Add copy into pages callback for a read operation
      CIFS: Decrypt and process small encrypted packets
      CIFS: Add capability to decrypt big read responses
      CIFS: Allow to switch on encryption with seal mount option
      CIFS: Fix possible use after free in demultiplex thread

Sachin Prabhu (2):
      SMB2: Separate Kerberos authentication from SMB2_sess_setup
      SMB2: Separate RawNTLMSSP authentication from SMB2_sess_setup

Steve French (2):
      SMB3: Add mount parameter to allow user to override max credits
      SMB3: parsing for new snapshot timestamp mount parm

 fs/cifs/Kconfig         |   12 +-
 fs/cifs/cifsencrypt.c   |   51 ++-
 fs/cifs/cifsfs.c        |   14 +
 fs/cifs/cifsglob.h      |   46 +-
 fs/cifs/cifsproto.h     |   13 +-
 fs/cifs/cifssmb.c       |  135 +++---
 fs/cifs/connect.c       |  114 ++++-
 fs/cifs/file.c          |   52 ++-
 fs/cifs/sess.c          |   27 +-
 fs/cifs/smb1ops.c       |    4 +-
 fs/cifs/smb2glob.h      |   13 +-
 fs/cifs/smb2maperror.c  |    5 +-
 fs/cifs/smb2misc.c      |   61 +--
 fs/cifs/smb2ops.c       |  687 ++++++++++++++++++++++++++++-
 fs/cifs/smb2pdu.c       | 1102 ++++++++++++++++++++++++++++++-----------------
 fs/cifs/smb2pdu.h       |   27 +-
 fs/cifs/smb2proto.h     |    5 +
 fs/cifs/smb2transport.c |  132 +++---
 fs/cifs/transport.c     |  171 +++++---
 19 files changed, 1994 insertions(+), 677 deletions(-)

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

ACK: [Yakkety][PULL] CIFS: Enable encryption for SMB3

Tim Gardner-2
Positive test results.
--
Tim Gardner [hidden email]

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Yakkety][PULL] CIFS: Enable encryption for SMB3

Stefan Bader-2
In reply to this post by Joseph Salisbury-3
On 27.03.2017 18:00, Joseph Salisbury wrote:

> There has been work upstream to enable encryption support for SMB3
> connections. This is a particularly valuable (and commonly requested)
> feature with the Azure Files service as encryption is required to connect
> to an Azure Files storage share from on-prem or from a different Azure region.
>
> BugLink: http://bugs.launchpad.net/bugs/1670508
>
> The following changes since commit 1b11947c43f0f91b5a05a5faaa504611f7c0bbcb:
>
>   UBUNTU: Ubuntu-4.8.0-41.44 (2017-03-03 13:08:42 +0100)
>
> are available in the git repository at:
>
>   kernel.ubuntu.com:/srv/kernel.ubuntu.com/git/jsalisbury/bugs/lp1670508/ubuntu-yakkety.git
>
> for you to fetch changes up to db0b8c4cd884cd96bc7fff807452cdeef6e4e72c:
>
>   CIFS: Fix possible use after free in demultiplex thread (2017-03-27 11:19:17 -0400)
>
> ----------------------------------------------------------------
> Jean Delvare (3):
>       cifs: Simplify SMB2 and SMB311 dependencies
>       cifs: Only select the required crypto modules
>       cifs: Add soft dependencies
>
> Pavel Shilovsky (16):
>       CIFS: Separate SMB2 header structure
>       CIFS: Make SendReceive2() takes resp iov
>       CIFS: Make send_cancel take rqst as argument
>       CIFS: Send RFC1001 length in a separate iov
>       CIFS: Separate SMB2 sync header processing
>       CIFS: Separate RFC1001 length processing for SMB2 read
>       CIFS: Add capability to transform requests before sending
>       CIFS: Enable encryption during session setup phase
>       CIFS: Encrypt SMB3 requests before sending
>       CIFS: Add transform header handling callbacks
>       CIFS: Add mid handle callback
>       CIFS: Add copy into pages callback for a read operation
>       CIFS: Decrypt and process small encrypted packets
>       CIFS: Add capability to decrypt big read responses
>       CIFS: Allow to switch on encryption with seal mount option
>       CIFS: Fix possible use after free in demultiplex thread
>
> Sachin Prabhu (2):
>       SMB2: Separate Kerberos authentication from SMB2_sess_setup
>       SMB2: Separate RawNTLMSSP authentication from SMB2_sess_setup
>
> Steve French (2):
>       SMB3: Add mount parameter to allow user to override max credits
>       SMB3: parsing for new snapshot timestamp mount parm
>
>  fs/cifs/Kconfig         |   12 +-
>  fs/cifs/cifsencrypt.c   |   51 ++-
>  fs/cifs/cifsfs.c        |   14 +
>  fs/cifs/cifsglob.h      |   46 +-
>  fs/cifs/cifsproto.h     |   13 +-
>  fs/cifs/cifssmb.c       |  135 +++---
>  fs/cifs/connect.c       |  114 ++++-
>  fs/cifs/file.c          |   52 ++-
>  fs/cifs/sess.c          |   27 +-
>  fs/cifs/smb1ops.c       |    4 +-
>  fs/cifs/smb2glob.h      |   13 +-
>  fs/cifs/smb2maperror.c  |    5 +-
>  fs/cifs/smb2misc.c      |   61 +--
>  fs/cifs/smb2ops.c       |  687 ++++++++++++++++++++++++++++-
>  fs/cifs/smb2pdu.c       | 1102 ++++++++++++++++++++++++++++++-----------------
>  fs/cifs/smb2pdu.h       |   27 +-
>  fs/cifs/smb2proto.h     |    5 +
>  fs/cifs/smb2transport.c |  132 +++---
>  fs/cifs/transport.c     |  171 +++++---
>  19 files changed, 1994 insertions(+), 677 deletions(-)
>
For me the same as for Xenial applies. If we aim to enable new features (which
normally is not something done in SRU) then there should at least be some deeper
testing of old and new functionality.

-Stefan


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team

signature.asc (836 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

ACK: [Yakkety][PULL] CIFS: Enable encryption for SMB3

brad.figg
In reply to this post by Joseph Salisbury-3
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

ACK/cmnt: [Yakkety][PULL] CIFS: Enable encryption for SMB3

Stefan Bader-2
In reply to this post by Joseph Salisbury-3
Ok, I think we could go on and do the yakkety update now, to see how that goes.
Working on zesty/4.10 stable I noticed occational clashes with stable patches.
Nothing serious, just to be aware of.

-Stefan


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team

signature.asc (836 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

APPLIED: [Yakkety][PULL] CIFS: Enable encryption for SMB3

Thadeu Lima de Souza Cascardo-3
In reply to this post by Joseph Salisbury-3
Applied to yakkety master-next branch.

Thanks.
Cascardo.

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Loading...