Re: Support SMB encryption



On Mon, 2017-11-06 at 12:26 +0100, Bastien Nocera wrote:
On Fri, 2017-11-03 at 02:39 +0000, Peter Keresztes Schmidt wrote:
Hi all,

I'm not sure if this was already discussed, at least I couldn't
find
anything related.

Are there any attempts to support encryption with the SMB backend?
Browsing a bit around in the source I'd assume something around

diff --git a/daemon/gvfsbackendsmb.c b/daemon/gvfsbackendsmb.c
index 9040a9cb..6ffdddb9 100644
--- a/daemon/gvfsbackendsmb.c
+++ b/daemon/gvfsbackendsmb.c
@@ -417,6 +417,8 @@ do_mount (GVfsBackend *backend,
                                        op_backend->user != NULL);
   smbc_setOptionNoAutoAnonymousLogin (smb_context, TRUE);
 
+  smbc_setOptionSmbEncryptionLevel(smb_context,
SMBC_ENCRYPTLEVEL_REQUEST);
+
   if (!smbc_init_context (smb_context))
     {
       g_vfs_job_failed (G_VFS_JOB (job),


should do the trick. It'd be great if somebody could look into this
since now everything is transported unencrypted over the wire even
if
the server supports encryption.

Is there any particular reason why you didn't test this change? After
compiling gvfs, you should be able to run the gvfsd-smb daemon
without
installing it using:
./gvfsd-smb server=[server ip address or hostname] share=[name of the
share]

Testing against a few servers and reporting your results would go a
long way.

When that's done, you can probably file a bug against gvfs to request
this change.

My cursory testing against a single server (my NAS) doesn't make the
mount fail, though I'm not sure how to assert that it's using
encryption other than snooping on the wire and checking whether I can,
for example, read a text file in the clear.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]