samba.git/libcli/smb/smbXcli_base.c, branch talloc-2.4.4 Unnamed repository; edit this file 'description' to name the repository. libsmb: Avoid smb-level encryption if quic is trusted 2025-08-22T14:55:46+00:00 Volker Lendecke vl@samba.org 2025-08-21T10:17:55+00:00 e20c64e14fbc6a478cf31e01cf33ae4abc19b1fe Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Fri Aug 22 14:55:47 UTC 2025 on atb-devel-224 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Aug 22 14:55:47 UTC 2025 on atb-devel-224
libsmb: Negotiate SMB2_ACCEPT_TRANSPORT_LEVEL_SECURITY over quic 2025-08-22T13:55:34+00:00 Volker Lendecke vl@samba.org 2025-08-07T10:35:23+00:00 b0b3d039615f9e3a4bf6d585bf32d03e52214f13 If we trust quic, indicate to the server that we do so. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> 
If we trust quic, indicate to the server that we do so.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
libcli: Add tls_verify_peer_state to smbXcli_transport 2025-08-22T13:55:33+00:00 Volker Lendecke vl@samba.org 2025-08-04T12:59:15+00:00 bd15054462b12904c3c7583dbf5d01c7e82eec0d We have to carry a copy over from the tstream_tls_params used to connect, we can't get this information out once the tls-protected tstream is established Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> 
We have to carry a copy over from the tstream_tls_params used to
connect, we can't get this information out once the tls-protected
tstream is established

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
libcli: Introduce helper var in smbXcli_negprot_smb2_subreq() 2025-08-22T13:55:33+00:00 Volker Lendecke vl@samba.org 2025-08-07T09:53:59+00:00 a881a76892dcc9b2ba30a32b4d11f2acb1ee135c Saves a few bytes of code Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> 
Saves a few bytes of code

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
libcli/smb: use talloc_asprintf_addbuf() in smbXcli_session_dump_keys() 2025-07-22T15:09:11+00:00 Ralph Boehme slow@samba.org 2025-07-21T10:59:55+00:00 b72cc7ce6ac1d1e7dbd102a3e68cfbc6fef8cc6f Avoids DEBUGADD() which can lead to intersected output in the logfile. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Tue Jul 22 15:09:11 UTC 2025 on atb-devel-224 
Avoids DEBUGADD() which can lead to intersected output in the logfile.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Jul 22 15:09:11 UTC 2025 on atb-devel-224
libcli/smb2: dump encryption key in format for Wireshark ~/.wireshark/smb2_seskey_list 2025-07-22T14:08:36+00:00 Ralph Boehme slow@samba.org 2025-07-19T12:54:10+00:00 85123e4ad02b8e1c085beea43574417b9cc761d6 This allows dumping the keys and quickly feeding them into Wireshark by adding them to ~/.wireshark/smb2_seskey_list. Example: debug encryption: dumping generated session keys Session Id [0000] 7D 00 00 E8 57 E0 31 01 }...W.1. Session Key [0000] 71 54 77 50 C1 DD 66 68 A8 51 D8 DE 23 F4 91 01 qTwP..fh .Q..#... Signing Key [0000] B1 29 AC EF 41 30 AE D2 43 00 1F 67 87 29 BF DB .)..A0.. C..g.).. App Key [0000] 6A 88 5C 51 51 22 FF 5C 25 95 A2 5C E2 2C FC 5D j.\QQ".\ %..\.,.] ServerIn Key [0000] 20 08 EB A2 14 99 17 03 9C A5 9A BB B8 48 88 3C ....... .....H.< ServerOut Key [0000] 15 AA C2 0D 19 AB 4C 26 64 E8 FC 94 B1 FE 27 5A ......L& d.....'Z Wireshark configuration line 7d0000e857e03101,71547750c1dd6668a851d8de23f49101,15aac20d19ab4c2664e8fc94b1fe275a,2008eba2149917039ca59abbb848883c When setting debug encryption = yes debug encryption:wireshark keyfile = /home/slow/.wireshark/smb2_seskey_list the keys are appended directly to Wireshark's keyfile. Wireshark has to be restarted to pick them up. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> 
This allows dumping the keys and quickly feeding them into Wireshark by adding
them to ~/.wireshark/smb2_seskey_list.

Example:

  debug encryption: dumping generated session keys
  Session Id    [0000] 7D 00 00 E8 57 E0 31 01                             }...W.1.
  Session Key   [0000] 71 54 77 50 C1 DD 66 68   A8 51 D8 DE 23 F4 91 01   qTwP..fh .Q..#...
  Signing Key   [0000] B1 29 AC EF 41 30 AE D2   43 00 1F 67 87 29 BF DB   .)..A0.. C..g.)..
  App Key       [0000] 6A 88 5C 51 51 22 FF 5C   25 95 A2 5C E2 2C FC 5D   j.\QQ".\ %..\.,.]
  ServerIn Key  [0000] 20 08 EB A2 14 99 17 03   9C A5 9A BB B8 48 88 3C    ....... .....H.<
  ServerOut Key [0000] 15 AA C2 0D 19 AB 4C 26   64 E8 FC 94 B1 FE 27 5A   ......L& d.....'Z
  Wireshark configuration line
  7d0000e857e03101,71547750c1dd6668a851d8de23f49101,15aac20d19ab4c2664e8fc94b1fe275a,2008eba2149917039ca59abbb848883c

When setting

    debug encryption = yes
    debug encryption:wireshark keyfile = /home/slow/.wireshark/smb2_seskey_list

the keys are appended directly to Wireshark's keyfile. Wireshark has to be
restarted to pick them up.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
libcli/smb: also dump signing_algo in smbXcli_session_dump_keys() 2025-07-22T14:08:36+00:00 Ralph Boehme slow@samba.org 2025-07-19T13:43:03+00:00 421e016c4ea53a58b7f1badc401c400322d86bb5 The server side already does that and I'm aiming for consolidating server and client code for dumping the keys. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> 
The server side already does that and I'm aiming for consolidating server and
client code for dumping the keys.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
libcli/smb: make smbXcli_session_dump_keys() usable for the server side 2025-07-22T14:08:36+00:00 Ralph Boehme slow@samba.org 2025-07-19T12:26:50+00:00 0d517a065c48c6bac02de173f29039a81055e694 By passing the individual keys directly instead of passing the wrapping state objects, smbXcli_session_dump_keys() can later also be used by the server code. No change in behaviour. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> 
By passing the individual keys directly instead of passing the wrapping state
objects, smbXcli_session_dump_keys() can later also be used by the server code.

No change in behaviour.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
libcli/smb: move cli_session_dump_keys() to libsmb 2025-07-22T14:08:36+00:00 Ralph Boehme slow@samba.org 2025-07-18T15:43:12+00:00 73ad89c76c2f9b15d5849d3cc8e5ff6ba274c949 More callers to come... Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> 
More callers to come...

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
libcli/smb: add smbXcli_transport_bsd_tstream() 2025-06-18T17:52:37+00:00 Stefan Metzmacher metze@samba.org 2025-05-16T09:34:37+00:00 7b68bb03eac5449d404c0cc930afe2446b437cd7 This can be used to force the usage of the tstream code path even for bsd sockets. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> 
This can be used to force the usage of the tstream code path even
for bsd sockets.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>