[Xenial][PULL] CIFS: Enable encryption for SMB3
Joshua R. Poulson
jrp at pun.org
Wed Jun 21 15:18:10 UTC 2017
Pavel replied in the bug. --jrp
On Wed, Jun 21, 2017 at 8:14 AM, Thadeu Lima de Souza Cascardo
<cascardo at canonical.com> wrote:
> Ping?
>
> On Thu, Jun 15, 2017 at 09:42:56AM -0300, Thadeu Lima de Souza Cascardo wrote:
>> On Mon, May 08, 2017 at 02:11:36PM -0700, Joshua R. Poulson wrote:
>> > I'll add it to our queue.
>>
>> Hi, Joshua.
>>
>> Did you get the chance to test it? I just rebased it on top of
>> master-next.
>>
>> I just realized I had pushed it to the ubuntu-kernel repo, not mine. I
>> have removed the branch from the ubuntu-kernel repo and pushed it to the
>> one below.
>>
>> git+ssh://git.launchpad.net/~cascardo/ubuntu/+source/linux/+git/xenial
>>
>> Thanks.
>> Cascardo.
>>
>> >
>> > On Mon, May 8, 2017 at 12:31 PM, Thadeu Lima de Souza Cascardo
>> > <cascardo at canonical.com> wrote:
>> > > On Mon, Mar 27, 2017 at 12:00:54PM -0400, Joseph Salisbury wrote:
>> > >> There has been work upstream to enable encryption support for SMB3
>> > >> connections. This is a particularly valuable (and commonly requested)
>> > >> feature with the Azure Files service as encryption is required to connect
>> > >> to an Azure Files storage share from on-prem or from a different Azure region.
>> > >>
>> > >> BugLink: http://bugs.launchpad.net/bugs/1670508
>> > >
>> > > This does not apply to xenial master-next, mainly due to commits
>> > > 35067b7fba326a76624769e03afeb4b5ff182041 and
>> > > f068ccac8a390dca36ee914ca3dfe7c8fb82bc12.
>> > >
>> > > I have reverted those, rebased, did a simple fixup on cherry-pick of
>> > > ae6f8dd4d0c87bfb72da9d9b56342adf53e69c31 (now a backport), then applied
>> > > those two commits again, by the way of cherry picking.
>> > >
>> > > It builds, but can we get some testing before the end of the week?
>> > >
>> > > It's at
>> > > git+ssh://git.launchpad.net/~cascardo/ubuntu/+source/linux/+git/xenial,
>> > > branch cifs.
>> > >
>> > > Thanks.
>> > > Cascardo.
>> > >
>> > >>
>> > >> The following changes since commit 05022128a513a344d156de5bffd88e3dda4c8da6:
>> > >>
>> > >> UBUNTU: Ubuntu-4.4.0-66.87 (2017-03-03 13:13:10 +0100)
>> > >>
>> > >> are available in the git repository at:
>> > >>
>> > >> kernel.ubuntu.com:/srv/kernel.ubuntu.com/git/jsalisbury/bugs/lp1670508/ubuntu-xenial.git
>> > >>
>> > >> for you to fetch changes up to a16041fde91bd7e13bd1e237a8ca9a1cd28877bf:
>> > >>
>> > >> CIFS: Fix possible use after free in demultiplex thread (2017-03-27 11:52:33 -0400)
>> > >>
>> > >> ----------------------------------------------------------------
>> > >> Al Viro (5):
>> > >> [net] drop 'size' argument of sock_recvmsg()
>> > >> cifs: merge the hash calculation helpers
>> > >> cifs: no need to wank with copying and advancing iovec on recvmsg side either
>> > >> cifs: don't bother with kmap on read_pages side
>> > >> cifs_readv_receive: use cifs_read_from_socket()
>> > >>
>> > >> Jean Delvare (3):
>> > >> cifs: Simplify SMB2 and SMB311 dependencies
>> > >> cifs: Only select the required crypto modules
>> > >> cifs: Add soft dependencies
>> > >>
>> > >> Pavel Shilovsky (16):
>> > >> CIFS: Separate SMB2 header structure
>> > >> CIFS: Make SendReceive2() takes resp iov
>> > >> CIFS: Make send_cancel take rqst as argument
>> > >> CIFS: Send RFC1001 length in a separate iov
>> > >> CIFS: Separate SMB2 sync header processing
>> > >> CIFS: Separate RFC1001 length processing for SMB2 read
>> > >> CIFS: Add capability to transform requests before sending
>> > >> CIFS: Enable encryption during session setup phase
>> > >> CIFS: Encrypt SMB3 requests before sending
>> > >> CIFS: Add transform header handling callbacks
>> > >> CIFS: Add mid handle callback
>> > >> CIFS: Add copy into pages callback for a read operation
>> > >> CIFS: Decrypt and process small encrypted packets
>> > >> CIFS: Add capability to decrypt big read responses
>> > >> CIFS: Allow to switch on encryption with seal mount option
>> > >> CIFS: Fix possible use after free in demultiplex thread
>> > >>
>> > >> Sachin Prabhu (3):
>> > >> Fix memory leaks in cifs_do_mount()
>> > >> SMB2: Separate Kerberos authentication from SMB2_sess_setup
>> > >> SMB2: Separate RawNTLMSSP authentication from SMB2_sess_setup
>> > >>
>> > >> Steve French (4):
>> > >> cifs: Make echo interval tunable
>> > >> Prepare for encryption support (first part). Add decryption and encryption key generation. Thanks to Metze for helping with this.
>> > >> SMB3: Add mount parameter to allow user to override max credits
>> > >> SMB3: parsing for new snapshot timestamp mount parm
>> > >>
>> > >> drivers/target/iscsi/iscsi_target_util.c | 5 +-
>> > >> fs/cifs/Kconfig | 12 +-
>> > >> fs/cifs/cifsencrypt.c | 130 ++--
>> > >> fs/cifs/cifsfs.c | 16 +
>> > >> fs/cifs/cifsglob.h | 64 +-
>> > >> fs/cifs/cifsproto.h | 28 +-
>> > >> fs/cifs/cifssmb.c | 146 ++--
>> > >> fs/cifs/connect.c | 273 ++++----
>> > >> fs/cifs/file.c | 101 +--
>> > >> fs/cifs/misc.c | 2 +-
>> > >> fs/cifs/sess.c | 27 +-
>> > >> fs/cifs/smb1ops.c | 4 +-
>> > >> fs/cifs/smb2glob.h | 13 +-
>> > >> fs/cifs/smb2maperror.c | 5 +-
>> > >> fs/cifs/smb2misc.c | 83 ++-
>> > >> fs/cifs/smb2ops.c | 698 ++++++++++++++++++-
>> > >> fs/cifs/smb2pdu.c | 1104 +++++++++++++++++++-----------
>> > >> fs/cifs/smb2pdu.h | 35 +-
>> > >> fs/cifs/smb2proto.h | 8 +-
>> > >> fs/cifs/smb2transport.c | 337 +++++----
>> > >> fs/cifs/transport.c | 171 +++--
>> > >> include/linux/net.h | 3 +-
>> > >> net/socket.c | 23 +-
>> > >> 23 files changed, 2297 insertions(+), 991 deletions(-)
>> > >>
>> > >> --
>> > >> kernel-team mailing list
>> > >> kernel-team at lists.ubuntu.com
>> > >> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>> > >
>> > > --
>> > > kernel-team mailing list
>> > > kernel-team at lists.ubuntu.com
>> > > https://lists.ubuntu.com/mailman/listinfo/kernel-team
>>
>> --
>> kernel-team mailing list
>> kernel-team at lists.ubuntu.com
>> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list