Re: Support SMB encryption



On Mon, 2017-11-06 at 12:36 +0100, Bastien Nocera wrote:
On Mon, 2017-11-06 at 12:26 +0100, Bastien Nocera wrote:
On Fri, 2017-11-03 at 02:39 +0000, Peter Keresztes Schmidt wrote:
Hi all,

I'm not sure if this was already discussed, at least I couldn't
find
anything related.

Are there any attempts to support encryption with the SMB
backend?
Browsing a bit around in the source I'd assume something around

diff --git a/daemon/gvfsbackendsmb.c b/daemon/gvfsbackendsmb.c
index 9040a9cb..6ffdddb9 100644
--- a/daemon/gvfsbackendsmb.c
+++ b/daemon/gvfsbackendsmb.c
@@ -417,6 +417,8 @@ do_mount (GVfsBackend *backend,
                                        op_backend->user !=
NULL);
   smbc_setOptionNoAutoAnonymousLogin (smb_context, TRUE);
 
+  smbc_setOptionSmbEncryptionLevel(smb_context,
SMBC_ENCRYPTLEVEL_REQUEST);
+
   if (!smbc_init_context (smb_context))
     {
       g_vfs_job_failed (G_VFS_JOB (job),


should do the trick. It'd be great if somebody could look into
this
since now everything is transported unencrypted over the wire
even
if
the server supports encryption.

Is there any particular reason why you didn't test this change?
After
compiling gvfs, you should be able to run the gvfsd-smb daemon
without
installing it using:
./gvfsd-smb server=[server ip address or hostname] share=[name of
the
share]

Testing against a few servers and reporting your results would go a
long way.

When that's done, you can probably file a bug against gvfs to
request
this change.

My cursory testing against a single server (my NAS) doesn't make the
mount fail, though I'm not sure how to assert that it's using
encryption other than snooping on the wire and checking whether I
can,
for example, read a text file in the clear.

I filed https://bugzilla.gnome.org/show_bug.cgi?id=790711

Cheers


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]