wireshark trace decryption

Bug #1886551 reported by Rakesh Ginjupalli
Affects              Status        Importance  Assigned to        Milestone
cifs-utils (Ubuntu)  Fix Released  Undecided   Unassigned
  Bionic             Fix Released  Undecided   Ioanna Alifieraki
  Focal              Fix Released  Undecided   Ioanna Alifieraki

Bug Description

[Impact]

For the Bionic release, the current cifs-utils package version is 6.8-1. This version is missing the two commits below:

https://git.samba.org/?p=cifs-utils.git;a=commit;h=74a1ced5f706ea6a9cab885693c7755657b81a2a
https://git.samba.org/?p=cifs-utils.git;a=commit;h=6df98da5cd3fbb33f6f535c6784f037bbadadb84

 * Without the above feature, we won’t be able to analyze most of the network traces on the client side in case customers have problems accessing the Azure Files service from VMs running Ubuntu Bionic.

[Test Case]
* Set up an Ubuntu VM of the release you are going to test

* Install the packages:
sudo apt update
sudo apt install samba cifs-utils -y

* With the new cifs-utils package, you should have the smbinfo command available:
ubuntu@bionic-smbinfo:~$ smbinfo
Usage: smbinfo [-v] [-V] <command> <file>
Try 'smbinfo -h' for more information.

* To test the extraction of encryption keys, the HWE kernel in the case of bionic (or another kernel version 5 or higher) must be installed (focal already has the right kernel version, so no change needed there):
sudo apt install linux-image-generic-hwe-18.04

* Reboot into the new kernel if you were on an older one, like in bionic:
sudo reboot

* Set up a share:
echo -e "[myshare]\npath=/myshare\n" | sudo tee -a /etc/samba/smb.conf
sudo mkdir /myshare
echo "Hello World" | sudo tee /myshare/hello.txt

* Create a samba user ubuntu, with a password of your choice (you will be prompted for it):
sudo smbpasswd -a ubuntu

* Mount the new share with encryption options:
ubuntu@bionic-smbinfo:~$ sudo mount //localhost/myshare /mnt -o seal,user=ubuntu
Password for ubuntu@//localhost/myshare: ******

* Confirm with smbstatus that the connection is encrypted:
ubuntu@bionic-smbinfo:~$ sudo smbstatus

Samba version 4.7.6-Ubuntu
PID     Username     Group        Machine                            Protocol Version  Encryption            Signing
----------------------------------------------------------------------------------------------------------------------------------------
4516    ubuntu       ubuntu       127.0.0.1 (ipv4:127.0.0.1:45794)   SMB3_11           partial(AES-128-CCM)  partial(AES-128-CMAC)

Service      pid     Machine       Connected at                     Encryption   Signing
---------------------------------------------------------------------------------------------
IPC$         4516    127.0.0.1     Thu Sep 10 20:41:14 2020 UTC     AES-128-CCM  AES-128-CMAC
myshare      4516    127.0.0.1     Thu Sep 10 20:41:14 2020 UTC     AES-128-CCM  AES-128-CMAC

No locked files

* Obtain the encryption keys:
ubuntu@bionic-smbinfo:~$ sudo smbinfo keys /mnt/hello.txt
CCM encryption
Session Id: b6 4c 21 8f 00 00 00 00
Session Key: 42 26 cf 6d d1 55 c7 80 b4 27 10 c2 a8 d2 26 31
Server Encryption Key: c9 37 6c 10 14 0e 1f f6 ea c7 5e d7 e0 76 79 a7
Server Decryption Key: 97 4e 2e 99 ec 27 66 a4 95 b5 a4 f9 8c 17 c7 ee

* There are many other subcommands available in smbinfo. For a list, run:
smbinfo -h

[Regression Potential]

These patches cherry pick and touch 2 files : smbinfo.c and smbinfo.rst.
They add the smbinfo utility which is required for the 2 commits mentioned in the <Impact> section. Since smbinfo does not interact with the rest of the code any regression potential would involve smbinfo itself.

[Other]

To work properly, the smbinfo utility requires kernel > 5.0, and the 'keys' command, which is the one used for dumping the session id and the encryption and decryption keys, requires kernel > 5.4.
For Bionic the backport includes some extra functionality from smbinfo, apart from the 'keys' command which dumps the encryption and decryption keys. The rationale behind this is that smbinfo is a standalone utility and backporting just the required commits could introduce the risk of adding bugs in the process.
For Focal the (extra) compression commands are backported to be in line with Bionic.

Ioanna Alifieraki (joalif) wrote :

I've done some initial investigation on what's needed to be backported to apply the above commits in bionic.

The list of commits that need to be backported :

18) 74a1ced5f706ea6a9cab885693c7755657b81a2a smbinfo.rst: document new `keys` command
17) 07c5812c062ac584511f244f91fcdfd5d08c8b68 smbinfo: Add SETCOMPRESSION support
16) 6df98da5cd3fbb33f6f535c6784f037bbadadb84 smbinfo: print the security information needed to decrypt wireshark trace
15) 1e4fca25948d52fc29410963663f3af72275bcb6 smbinfo: add GETCOMPRESSION support
14) 12c2f088fa3d666fc5aa48a700e740523d8d2023 smbinfo: Improve help usage and add -h option.
13) aee01e0e61837fc8eb273039c5d1e11634b2e56a smbinfo: use constant for input buffer length
12) 98907475550ecd459cb6eae9787c53b7e032448d smbinfo: make argument order consistent
11) 74ae05342aeb0abe94f1ab9adfdecbbb6ce16dcb smbinfo: Add ability to query snapshots (previous versions)
10) 49eb190518c5000d48c929b21304edd2e8522ea6 smbinfo: missing help for fsctl-getobjid
9) fb33ba335325020d4f42985491f2f98eddffc165 smbinfo: add fsctl-getobjid support
8) f9f5d421d62decc5f0d025b77415708b1c45d234 smbinfo: fix code style
7) 1191a6cafde1f6e39546cab26a5b90c3cca523fd smbinfo: decode the ACEs
6) 70902177e944c79aeb5c88e2092ef329724138fc smbinfo: add FileFsFullSizeInformation
5) 858ac4df38169d0b7835113c54a0f85d309303ce smbinfo: Update the usage text with the new infolevels
4) db9d117fd6e2660768a35e72a374540ffc68d36d smbinfo: update help text
3) 0ca46dbb7d50d8872b60e71baa337d96884cd881 smbinfo: Add more File*Information classes
2) f0c95ea8d2835b16ac17895fa7bcbbfdc95ed708 smbinfo.rst: document kernel version
1) 3eb33a11665aebc503024b1b8ed655a32eb55035 smbinfo: add a utility to display smb specific information about objects

The required commits depend on the smbinfo utility, which is introduced in cifs-utils 6.9; bionic is at 6.8.
The smbinfo utility provides SMB-specific file information.

The list of commits above touch 2 files : smbinfo.c and smbinfo.rst.
Going through the code it seems that this utility is isolated from the rest of the code of the package (couldn't see any code called outside smbinfo.c or any call into smbinfo.c).

Rakesh Ginjupalli (linuxelf001) wrote :

Thank you for sharing the required commits that need to be backported.

Andreas Hasenack (ahasenack) wrote :

Marking the main devel task (groovy) as fix released, as groovy has cifs-utils 6.10 which has these features.

Changed in cifs-utils (Ubuntu):
status: New → Fix Released
Changed in cifs-utils (Ubuntu Bionic):
assignee: nobody → Ioanna Alifieraki (joalif)
Changed in cifs-utils (Ubuntu Focal):
assignee: nobody → Ioanna Alifieraki (joalif)
Changed in cifs-utils (Ubuntu Bionic):
status: New → Confirmed
Changed in cifs-utils (Ubuntu Focal):
status: New → Confirmed
description: updated
Łukasz Zemczak (sil2100) wrote :

This seems generally more of a feature than a bugfix, which is rather a tricky case for an SRU. That being said, after Ioanna's investigation and confirmation that the new utility (for bionic) is self-contained, and seeing that there is a realistic need for this feature, I am +1 on getting this accepted (using the "For Long Term Support releases we sometimes want to introduce new features" criterion).

Łukasz Zemczak (sil2100) wrote : Please test proposed package

Hello Rakesh, or anyone else affected,

Accepted cifs-utils into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/cifs-utils/2:6.9-1ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in cifs-utils (Ubuntu Focal):
status: Confirmed → Fix Committed
tags: added: verification-needed verification-needed-focal
Łukasz Zemczak (sil2100) wrote :

Hello Rakesh, or anyone else affected,

Accepted cifs-utils into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/cifs-utils/2:6.8-1ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in cifs-utils (Ubuntu Bionic):
status: Confirmed → Fix Committed
tags: added: verification-needed-bionic
description: updated
Rohith Surabattula (rsurabattula) wrote :

Hi Lukasz,

I have tested the cifs-utils package from bionic-proposed and was able to decrypt the Wireshark traces.
Verification steps:
1) Start TCPDUMP on port 445.
2) Mount a file share.
3) Use smbinfo keys to get the session id and key.
4) Do some IO on file share.
5) Stop TCPDUMP and open the pcap file in wireshark
6) Copy the session id and key in preference section of SMB2 protocol.

smbinfo keys output:
sudo smbinfo keys /mnt/rohith/test.txt
SMB3.0 CCM encryption
Session Id: 09 02 00 ec 04 60 b0 83
Session Key: 15 b2 1f b0 41 ff fd 58 36 53 fa cd df d1 97 4b
Server Encryption Key: 80 0e 28 bc 13 02 2c 7a 7d 55 b1 33 22 43 03 8e
Server Decryption Key: 5f 92 26 87 b4 f8 08 da 41 88 f7 cd 95 e0 a9 25

tags: added: verification-done-bionic
removed: verification-needed-bionic
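
For steps 3 and 6 of the verification above, the spaced bytes printed by `smbinfo keys` have to end up as contiguous hex strings. The following is an added example, not part of the bug report or of cifs-utils: the helper names `smbinfo_keys_to_hex` and `sample_keys_output` are hypothetical, the sample input is the output quoted in the comment above, and the length checks assume an 8-byte session id and 16-byte keys as in every output on this page.

```shell
#!/bin/sh
# Added example: turn `smbinfo keys` output (read from stdin) into compact hex.
# Assumption: 8-byte session id and 16-byte keys, as in the outputs on this page.

smbinfo_keys_to_hex() {
    awk -F': *' '
        # Join space-separated hex bytes; return "" unless exactly want valid bytes.
        function compact(bytes, want,    n, i, parts, out) {
            n = split(bytes, parts, " ")
            if (n != want) return ""
            out = ""
            for (i = 1; i <= n; i++) {
                if (parts[i] !~ /^[0-9A-Fa-f][0-9A-Fa-f]$/) return ""
                out = out tolower(parts[i])
            }
            return out
        }
        $1 == "Session Id"            { id  = compact($2, 8) }
        $1 == "Session Key"           { key = compact($2, 16) }
        $1 == "Server Encryption Key" { enc = compact($2, 16) }
        $1 == "Server Decryption Key" { dec = compact($2, 16) }
        END {
            # Refuse to emit partial results: a truncated key would only
            # produce a silent decryption failure later in the dissector.
            if (id == "" || key == "" || enc == "" || dec == "") {
                print "smbinfo_keys_to_hex: missing or malformed field" > "/dev/stderr"
                exit 1
            }
            printf "session_id=%s\nsession_key=%s\n", id, key
            printf "server_encryption_key=%s\nserver_decryption_key=%s\n", enc, dec
        }'
}

# Sample input: the smbinfo output quoted in the verification comment above.
sample_keys_output() {
    cat <<'EOF'
SMB3.0 CCM encryption
Session Id: 09 02 00 ec 04 60 b0 83
Session Key: 15 b2 1f b0 41 ff fd 58 36 53 fa cd df d1 97 4b
Server Encryption Key: 80 0e 28 bc 13 02 2c 7a 7d 55 b1 33 22 43 03 8e
Server Decryption Key: 5f 92 26 87 b4 f8 08 da 41 88 f7 cd 95 e0 a9 25
EOF
}

sample_keys_output | smbinfo_keys_to_hex
```

On a live mount the input would come from `sudo smbinfo keys <file>` piped into the function; the keys decrypt the whole captured session, so the output deserves the same handling as the pcap itself.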
Ioanna Alifieraki (joalif) wrote :

# VERIFICATION FOCAL

Installed package from -proposed :

# dpkg -l | grep cifs
ii cifs-utils 2:6.9-1ubuntu0.1 amd64 Common Internet File System utilities

Following the test case from bug description :

# smbinfo keys /mnt/hello.txt
CCM encryption
Session Id: 54 8a 53 82 00 00 00 00
Session Key: 47 7a e8 3c 4f 69 5e c2 49 ba 7a 07 e5 46 7b d6
Server Encryption Key: 73 30 12 28 a8 2d 23 7d 9c 9d 5c fa c4 02 d0 e1
Server Decryption Key: 17 b3 6c 0e 00 02 d3 4d f5 b2 7b 24 43 39 61 00

tags: added: verification-done verification-done-focal
removed: verification-needed verification-needed-focal
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cifs-utils - 2:6.9-1ubuntu0.1

---------------
cifs-utils (2:6.9-1ubuntu0.1) focal; urgency=medium

  * Add 'keys' command to smbinfo (LP: #1886551):
    - d/p/0002-smbinfo-Improve-help-usage-and-add-h-option.patch
    - d/p/0003-smbinfo-add-GETCOMPRESSION-support.patch
    - d/p/0004-smbinfo-print-the-security-information-needed-to-dec.patch
    - d/p/0005-smbinfo-Add-SETCOMPRESSION-support.patch
    - d/p/0006-smbinfo.rst-document-new-keys-command.patch

 -- Ioanna Alifieraki <email address hidden> Mon, 14 Sep 2020 12:55:41 +0100

Changed in cifs-utils (Ubuntu Focal):
status: Fix Committed → Fix Released
Łukasz Zemczak (sil2100) wrote : Update Released

The verification of the Stable Release Update for cifs-utils has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cifs-utils - 2:6.8-1ubuntu1.1

---------------
cifs-utils (2:6.8-1ubuntu1.1) bionic; urgency=medium

  * Add smbinfo utility and 'keys' command (LP: #1886551) :
    - d/p/0001-smbinfo-add-a-utility-to-display-smb-specific-inform.patch
    - d/p/0002-smbinfo.rst-document-kernel-version.patch
    - d/p/0003-smbinfo-Add-more-File-Information-classes.patch
    - d/p/0004-smbinfo-update-help-text.patch
    - d/p/0005-smbinfo-Update-the-usage-text-with-the-new-infolevel.patch
    - d/p/0006-smbinfo-add-FileFsFullSizeInformation.patch
    - d/p/0007-smbinfo-decode-the-ACEs.patch
    - d/p/0008-smbinfo-fix-code-style.patch
    - d/p/0009-smbinfo-add-fsctl-getobjid-support.patch
    - d/p/0010-smbinfo-missing-help-for-fsctl-getobjid.patch
    - d/p/0011-smbinfo-Add-ability-to-query-snapshots-previous-vers.patch
    - d/p/0012-smbinfo-make-argument-order-consistent.patch
    - d/p/0013-smbinfo-use-constant-for-input-buffer-length.patch
    - d/p/0014-smbinfo-Improve-help-usage-and-add-h-option.patch
    - d/p/0015-smbinfo-add-GETCOMPRESSION-support.patch
    - d/p/0016-smbinfo-print-the-security-information-needed-to-dec.patch
    - d/p/0017-smbinfo-Add-SETCOMPRESSION-support.patch
    - d/p/0018-smbinfo.rst-document-new-keys-command.patch

 -- Ioanna Alifieraki <email address hidden> Thu, 10 Sep 2020 02:31:09 +0100

Changed in cifs-utils (Ubuntu Bionic):
status: Fix Committed → Fix Released