[Yakkety][PULL] CIFS: Enable encryption for SMB3

Stefan Bader stefan.bader at canonical.com
Tue Mar 28 12:49:28 UTC 2017 

On 27.03.2017 18:00, Joseph Salisbury wrote:
> There has been work upstream to enable encryption support for SMB3
> connections. This is a particularly valuable (and commonly requested)
> feature with the Azure Files service as encryption is required to connect
> to an Azure Files storage share from on-prem or from a different Azure region.
> 
> BugLink: http://bugs.launchpad.net/bugs/1670508
> 
> The following changes since commit 1b11947c43f0f91b5a05a5faaa504611f7c0bbcb:
> 
>   UBUNTU: Ubuntu-4.8.0-41.44 (2017-03-03 13:08:42 +0100)
> 
> are available in the git repository at:
> 
>   kernel.ubuntu.com:/srv/kernel.ubuntu.com/git/jsalisbury/bugs/lp1670508/ubuntu-yakkety.git 
> 
> for you to fetch changes up to db0b8c4cd884cd96bc7fff807452cdeef6e4e72c:
> 
>   CIFS: Fix possible use after free in demultiplex thread (2017-03-27 11:19:17 -0400)
> 
> ----------------------------------------------------------------
> Jean Delvare (3):
>       cifs: Simplify SMB2 and SMB311 dependencies
>       cifs: Only select the required crypto modules
>       cifs: Add soft dependencies
> 
> Pavel Shilovsky (16):
>       CIFS: Separate SMB2 header structure
>       CIFS: Make SendReceive2() takes resp iov
>       CIFS: Make send_cancel take rqst as argument
>       CIFS: Send RFC1001 length in a separate iov
>       CIFS: Separate SMB2 sync header processing
>       CIFS: Separate RFC1001 length processing for SMB2 read
>       CIFS: Add capability to transform requests before sending
>       CIFS: Enable encryption during session setup phase
>       CIFS: Encrypt SMB3 requests before sending
>       CIFS: Add transform header handling callbacks
>       CIFS: Add mid handle callback
>       CIFS: Add copy into pages callback for a read operation
>       CIFS: Decrypt and process small encrypted packets
>       CIFS: Add capability to decrypt big read responses
>       CIFS: Allow to switch on encryption with seal mount option
>       CIFS: Fix possible use after free in demultiplex thread
> 
> Sachin Prabhu (2):
>       SMB2: Separate Kerberos authentication from SMB2_sess_setup
>       SMB2: Separate RawNTLMSSP authentication from SMB2_sess_setup
> 
> Steve French (2):
>       SMB3: Add mount parameter to allow user to override max credits
>       SMB3: parsing for new snapshot timestamp mount parm
> 
>  fs/cifs/Kconfig         |   12 +-
>  fs/cifs/cifsencrypt.c   |   51 ++-
>  fs/cifs/cifsfs.c        |   14 +
>  fs/cifs/cifsglob.h      |   46 +-
>  fs/cifs/cifsproto.h     |   13 +-
>  fs/cifs/cifssmb.c       |  135 +++---
>  fs/cifs/connect.c       |  114 ++++-
>  fs/cifs/file.c          |   52 ++-
>  fs/cifs/sess.c          |   27 +-
>  fs/cifs/smb1ops.c       |    4 +-
>  fs/cifs/smb2glob.h      |   13 +-
>  fs/cifs/smb2maperror.c  |    5 +-
>  fs/cifs/smb2misc.c      |   61 +--
>  fs/cifs/smb2ops.c       |  687 ++++++++++++++++++++++++++++-
>  fs/cifs/smb2pdu.c       | 1102 ++++++++++++++++++++++++++++++-----------------
>  fs/cifs/smb2pdu.h       |   27 +-
>  fs/cifs/smb2proto.h     |    5 +
>  fs/cifs/smb2transport.c |  132 +++---
>  fs/cifs/transport.c     |  171 +++++---
>  19 files changed, 1994 insertions(+), 677 deletions(-)
> 

For me the same as for Xenial applies. If we aim to enable new features (which
normally is not something done in SRU) then there should at least be some deeper
testing of old and new functionality.

-Stefan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20170328/32a2ba5f/attachment.sig>

More information about the kernel-team mailing list