wireshark trace decryption
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
cifs-utils (Ubuntu) | Fix Released | Undecided | Unassigned |
Bionic | Fix Released | Undecided | Ioanna Alifieraki |
Focal | Fix Released | Undecided | Ioanna Alifieraki |
Bug Description
[Impact]
For the Bionic release, the current cifs-utils package version is 6.8-1. This version is missing the two commits below:
https:/
https:/
* Without the above feature, we won't be able to analyze most of the network traces on the client side in case customers have problems accessing the Azure Files service from VMs running Ubuntu Bionic.
[Test Case]
* Set up an Ubuntu VM of the release you are going to test
* Install the packages:
sudo apt update
sudo apt install samba cifs-utils -y
* With the new cifs-utils package, you should have the smbinfo command available:
ubuntu@
Usage: smbinfo [-v] [-V] <command> <file>
Try 'smbinfo -h' for more information.
* To test the extraction of encryption keys, the HWE kernel in the case of bionic (or another kernel version 5 or higher) must be installed (focal already has the right kernel version, so no change needed there):
sudo apt install linux-image-
* Reboot into the new kernel if you were on an older one, like in bionic:
sudo reboot
* Set up a share:
echo -e "[myshare]
sudo mkdir /myshare
echo "Hello World" | sudo tee /myshare/hello.txt
* Create a samba user ubuntu, with a password of your choice (you will be prompted for it):
sudo smbpasswd -a ubuntu
* Mount the new share with encryption options:
ubuntu@
Password for ubuntu@
* Confirm with smbstatus that the connection is encrypted:
ubuntu@
Samba version 4.7.6-Ubuntu
PID Username Group Machine Protocol Version Encryption Signing
-------
4516 ubuntu ubuntu 127.0.0.1 (ipv4:127.
Service pid Machine Connected at Encryption Signing
-------
IPC$ 4516 127.0.0.1 Thu Sep 10 20:41:14 2020 UTC AES-128-CCM AES-128-CMAC
myshare 4516 127.0.0.1 Thu Sep 10 20:41:14 2020 UTC AES-128-CCM AES-128-CMAC
No locked files
* Obtain the encryption keys:
ubuntu@
CCM encryption
Session Id: b6 4c 21 8f 00 00 00 00
Session Key: 42 26 cf 6d d1 55 c7 80 b4 27 10 c2 a8 d2 26 31
Server Encryption Key: c9 37 6c 10 14 0e 1f f6 ea c7 5e d7 e0 76 79 a7
Server Decryption Key: 97 4e 2e 99 ec 27 66 a4 95 b5 a4 f9 8c 17 c7 ee
* There are many other subcommands available in smbinfo. For a list, run:
smbinfo -h
[Regression Potential]
These patches are cherry-picks and touch 2 files: smbinfo.c and smbinfo.rst.
They add the smbinfo utility, which is required for the 2 commits mentioned in the [Impact] section. Since smbinfo does not interact with the rest of the code, any regression potential would involve smbinfo itself.
[Other]
To work properly, the smbinfo utility requires kernel >5.0, and the 'keys' command, which is the one used for dumping the session id, encryption and decryption keys, requires kernel > 5.4.
For Bionic the backport includes some extra functionality from smbinfo, apart from the 'keys' command which dumps the encryption and decryption keys. The rationale behind this is that smbinfo is a standalone utility and backporting just the required commits could introduce the risk of adding bugs in the process.
For Focal the (extra) compression commands are backported to be in line with Bionic.
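The key dump in the test case above prints each value as space-separated bytes. As an added example (not code from cifs-utils or from this bug report), the shell function below validates that output and rewrites it as contiguous hex fields; it assumes the field labels and lengths shown above (8-byte Session Id, 16-byte keys), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not part of cifs-utils): turn `smbinfo keys` text into
# contiguous hex fields. Assumes the layout shown in the test case above:
# 8-byte Session Id and 16-byte keys, as negotiated for AES-128-CCM.
smbinfo_keys_to_hex() {
    awk -F': *' '
    function hex(s,    n, i, b, out) {
        n = split(s, b, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            if (b[i] !~ /^[0-9A-Fa-f][0-9A-Fa-f]$/) return ""  # reject non-hex bytes
            out = out tolower(b[i])
        }
        return out
    }
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }   # trim; tolerate CRLF captures
    / encryption$/                { cipher = $1; sub(/ encryption$/, "", cipher) }
    $1 == "Session Id"            { id  = hex($2) }
    $1 == "Session Key"           { key = hex($2) }
    $1 == "Server Encryption Key" { enc = hex($2) }
    $1 == "Server Decryption Key" { dec = hex($2) }
    END {
        if (length(id) != 16 || length(key) != 32 ||
            length(enc) != 32 || length(dec) != 32) {
            print "smbinfo keys output incomplete or malformed" > "/dev/stderr"
            exit 1
        }
        print "cipher=" cipher
        print "session_id=" id
        print "session_key=" key
        print "server_encryption_key=" enc
        print "server_decryption_key=" dec
    }'
}

# Sample input: the key dump quoted in the test case above.
sample_smbinfo_keys() {
    cat <<'EOF'
CCM encryption
Session Id: b6 4c 21 8f 00 00 00 00
Session Key: 42 26 cf 6d d1 55 c7 80 b4 27 10 c2 a8 d2 26 31
Server Encryption Key: c9 37 6c 10 14 0e 1f f6 ea c7 5e d7 e0 76 79 a7
Server Decryption Key: 97 4e 2e 99 ec 27 66 a4 95 b5 a4 f9 8c 17 c7 ee
EOF
}

# Real use (<mounted-file> is a placeholder); keep the result private:
#   ( umask 077; sudo smbinfo keys <mounted-file> | smbinfo_keys_to_hex > smb-keys.txt )
sample_smbinfo_keys | smbinfo_keys_to_hex
```

The dumped values decrypt every packet of that session, so the output file belongs next to the capture with the same access restrictions.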
Related branches
- Andreas Hasenack: Approve
-
Diff: 527 lines (+483/-0), 7 files modified
debian/changelog (+11/-0)
debian/patches/0002-smbinfo-Improve-help-usage-and-add-h-option.patch (+108/-0)
debian/patches/0003-smbinfo-add-GETCOMPRESSION-support.patch (+102/-0)
debian/patches/0004-smbinfo-print-the-security-information-needed-to-dec.patch (+108/-0)
debian/patches/0005-smbinfo-Add-SETCOMPRESSION-support.patch (+119/-0)
debian/patches/0006-smbinfo.rst-document-new-keys-command.patch (+30/-0)
debian/patches/series (+5/-0)
- Andreas Hasenack: Approve
-
Diff: 4165 lines (+4043/-0), 20 files modified
debian/changelog (+24/-0)
debian/patches/0001-smbinfo-add-a-utility-to-display-smb-specific-inform.patch (+465/-0)
debian/patches/0002-smbinfo.rst-document-kernel-version.patch (+28/-0)
debian/patches/0003-smbinfo-Add-more-File-Information-classes.patch (+602/-0)
debian/patches/0004-smbinfo-update-help-text.patch (+36/-0)
debian/patches/0005-smbinfo-Update-the-usage-text-with-the-new-infolevel.patch (+45/-0)
debian/patches/0006-smbinfo-add-FileFsFullSizeInformation.patch (+103/-0)
debian/patches/0007-smbinfo-decode-the-ACEs.patch (+347/-0)
debian/patches/0008-smbinfo-fix-code-style.patch (+1473/-0)
debian/patches/0009-smbinfo-add-fsctl-getobjid-support.patch (+131/-0)
debian/patches/0010-smbinfo-missing-help-for-fsctl-getobjid.patch (+34/-0)
debian/patches/0011-smbinfo-Add-ability-to-query-snapshots-previous-vers.patch (+173/-0)
debian/patches/0012-smbinfo-make-argument-order-consistent.patch (+62/-0)
debian/patches/0013-smbinfo-use-constant-for-input-buffer-length.patch (+35/-0)
debian/patches/0014-smbinfo-Improve-help-usage-and-add-h-option.patch (+108/-0)
debian/patches/0015-smbinfo-add-GETCOMPRESSION-support.patch (+102/-0)
debian/patches/0016-smbinfo-print-the-security-information-needed-to-dec.patch (+108/-0)
debian/patches/0017-smbinfo-Add-SETCOMPRESSION-support.patch (+119/-0)
debian/patches/0018-smbinfo.rst-document-new-keys-command.patch (+30/-0)
debian/patches/series (+18/-0)
- Andreas Hasenack: Pending requested
-
Diff: 4247 lines (+4109/-0) (has conflicts), 21 files modified
debian/changelog (+33/-0)
debian/patches/0001-smbinfo-add-a-utility-to-display-smb-specific-inform.patch (+465/-0)
debian/patches/0002-smbinfo.rst-document-kernel-version.patch (+28/-0)
debian/patches/0003-smbinfo-Add-more-File-Information-classes.patch (+602/-0)
debian/patches/0004-smbinfo-update-help-text.patch (+36/-0)
debian/patches/0005-smbinfo-Update-the-usage-text-with-the-new-infolevel.patch (+45/-0)
debian/patches/0006-smbinfo-add-FileFsFullSizeInformation.patch (+103/-0)
debian/patches/0007-smbinfo-decode-the-ACEs.patch (+347/-0)
debian/patches/0008-smbinfo-fix-code-style.patch (+1473/-0)
debian/patches/0009-smbinfo-add-fsctl-getobjid-support.patch (+131/-0)
debian/patches/0010-smbinfo-missing-help-for-fsctl-getobjid.patch (+34/-0)
debian/patches/0011-smbinfo-Add-ability-to-query-snapshots-previous-vers.patch (+173/-0)
debian/patches/0012-smbinfo-make-argument-order-consistent.patch (+62/-0)
debian/patches/0013-smbinfo-use-constant-for-input-buffer-length.patch (+35/-0)
debian/patches/0014-smbinfo-Improve-help-usage-and-add-h-option.patch (+108/-0)
debian/patches/0015-smbinfo-add-GETCOMPRESSION-support.patch (+102/-0)
debian/patches/0016-smbinfo-print-the-security-information-needed-to-dec.patch (+108/-0)
debian/patches/0017-smbinfo-Add-SETCOMPRESSION-support.patch (+119/-0)
debian/patches/0018-smbinfo.rst-document-new-keys-command.patch (+30/-0)
debian/patches/series (+22/-0)
debian/patches/setcifsacl-fix-adding-ACE-when-owner-sid-in-unexpect.patch (+53/-0)
Changed in cifs-utils (Ubuntu Bionic):
assignee: nobody → Ioanna Alifieraki (joalif)
Changed in cifs-utils (Ubuntu Focal):
assignee: nobody → Ioanna Alifieraki (joalif)
Changed in cifs-utils (Ubuntu Bionic):
status: New → Confirmed
Changed in cifs-utils (Ubuntu Focal):
status: New → Confirmed
description: updated
tags: added: verification-done-bionic, removed: verification-needed-bionic
I've done some initial investigation on what's needed to be backported to apply the above commits in bionic.
The list of commits that need to be backported:
18) 74a1ced5f706ea6a9cab885693c7755657b81a2a smbinfo.rst: document new `keys` command
17) 07c5812c062ac584511f244f91fcdfd5d08c8b68 smbinfo: Add SETCOMPRESSION support
16) 6df98da5cd3fbb33f6f535c6784f037bbadadb84 smbinfo: print the security information needed to decrypt wireshark trace
15) 1e4fca25948d52fc29410963663f3af72275bcb6 smbinfo: add GETCOMPRESSION support
14) 12c2f088fa3d666fc5aa48a700e740523d8d2023 smbinfo: Improve help usage and add -h option.
13) aee01e0e61837fc8eb273039c5d1e11634b2e56a smbinfo: use constant for input buffer length
12) 98907475550ecd459cb6eae9787c53b7e032448d smbinfo: make argument order consistent
11) 74ae05342aeb0abe94f1ab9adfdecbbb6ce16dcb smbinfo: Add ability to query snapshots (previous versions)
10) 49eb190518c5000d48c929b21304edd2e8522ea6 smbinfo: missing help for fsctl-getobjid
9) fb33ba335325020d4f42985491f2f98eddffc165 smbinfo: add fsctl-getobjid support
8) f9f5d421d62decc5f0d025b77415708b1c45d234 smbinfo: fix code style
7) 1191a6cafde1f6e39546cab26a5b90c3cca523fd smbinfo: decode the ACEs
6) 70902177e944c79aeb5c88e2092ef329724138fc smbinfo: add FileFsFullSizeInformation
5) 858ac4df38169d0b7835113c54a0f85d309303ce smbinfo: Update the usage text with the new infolevels
4) db9d117fd6e2660768a35e72a374540ffc68d36d smbinfo: update help text
3) 0ca46dbb7d50d8872b60e71baa337d96884cd881 smbinfo: Add more File*Information classes
2) f0c95ea8d2835b16ac17895fa7bcbbfdc95ed708 smbinfo.rst: document kernel version
1) 3eb33a11665aebc503024b1b8ed655a32eb55035 smbinfo: add a utility to display smb specific information about objects
The required commits depend on the smbinfo utility, which is introduced in cifs-utils 6.9; bionic is 6.8.
The smbinfo utility provides SMB-specific file information.
The commits listed above touch 2 files: smbinfo.c and smbinfo.rst.
Going through the code it seems that this utility is isolated from the rest of the code of the package (couldn't see any code called outside smbinfo.c or any call into smbinfo.c).