mirror of https://github.com/samba-team/samba.git synced 2025-01-10 01:18:15 +03:00
samba-mirror/source3
Aurelien Aptel 584dfc15fd libsmb,s3/smbd: dump SMB3+ session keys if debug parm is set
Use of previously added smb.conf global param.

Sample usage:

$ smbclient //localhost/scratch --option='debugencryption=yes' \
                                 -e -mSMB3 -U aaptel%aaptel -c quit
debug encryption: dumping generated session keys
Session Id    [0000] 26 48 BF FD 00 00 00 00                             &H......
Session Key   [0000] 63 D6 CA BC 08 C8 4A D2   45 F6 AE 35 AB 4A B3 3B   c.....J. E..5.J.;
Signing Key   [0000] 4E FE 35 92 AC 13 14 FC   C9 17 62 B1 82 20 A4 12   N.5..... ..b.. ..
App Key       [0000] A5 0F F4 8B 2F FB 0D FF   F2 BF EE 39 E6 6D F5 0A   ..../... ...9.m..
ServerIn Key  [0000] 2A 02 7E E1 D3 58 D8 12   4C 63 76 AE 59 17 5A E4   *.~..X.. Lcv.Y.Z.
ServerOut Key [0000] 59 F2 5B 7F 66 8F 31 A0   A5 E4 A8 D8 2F BA 00 38   Y.[.f.1. ..../..8

We can now simply pass -ouat:smb2_seskey_list:<sesid>,<seskey> to
wireshark or tshark:

$ tshark -ouat:smb2_seskey_list:2648BFFD00000000,63D6CABC08C84AD245F6AE35AB4AB33B \
          -Y smb2 -r capture.pcap -Tfields -e _ws.col.Info
Negotiate Protocol Response
Negotiate Protocol Request
Negotiate Protocol Response
Session Setup Request, NTLMSSP_NEGOTIATE
Session Setup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE
Session Setup Request, NTLMSSP_AUTH, User: WORKGROUP\aaptel
Session Setup Response
Tree Connect Request Tree: \\localhost\IPC$
Tree Connect Response
Decrypted SMB3;Ioctl Request FSCTL_DFS_GET_REFERRALS, File: \localhost\scratch
Decrypted SMB3;Ioctl Response, Error: STATUS_NOT_FOUND
Decrypted SMB3;Tree Disconnect Request
Decrypted SMB3;Tree Disconnect Response
Decrypted SMB3;Tree Connect Request Tree: \\localhost\scratch
Decrypted SMB3;Tree Connect Response
Decrypted SMB3;Tree Disconnect Request
Decrypted SMB3;Tree Disconnect Response

For more info on Wireshark decryption support see
https://wiki.samba.org/index.php/Wireshark_Decryption

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Sat Feb  9 21:43:25 CET 2019 on sn-devel-144
2019-02-09 21:43:25 +01:00
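
The two steps in the commit message above (dump the keys, then hand <sesid>,<seskey> to tshark) can be joined by a small filter. This is an added example, not part of the commit or of Samba; the helper name seskey_uat is hypothetical, and it assumes the single-line dump format shown above with an 8-byte session id and a 16-byte session key.

```shell
#!/bin/sh
# Constructed sample: the key dump quoted in the commit message above.
sample_dump() {
cat <<'EOF'
debug encryption: dumping generated session keys
Session Id    [0000] 26 48 BF FD 00 00 00 00                             &H......
Session Key   [0000] 63 D6 CA BC 08 C8 4A D2   45 F6 AE 35 AB 4A B3 3B   c.....J. E..5.J.;
Signing Key   [0000] 4E FE 35 92 AC 13 14 FC   C9 17 62 B1 82 20 A4 12   N.5..... ..b.. ..
EOF
}

# seskey_uat (hypothetical helper): read a dump on stdin, print one
# "uat:smb2_seskey_list:<sesid>,<seskey>" line per session found.
# Returns non-zero if no complete Id/Key pair was seen.
seskey_uat() {
    awk '
    # Join the two-digit hex fields starting at field "start"; the first
    # field that is not a hex byte (the ASCII column) ends the run.
    function hexrun(start,    i, out) {
        out = ""
        for (i = start; i <= NF; i++) {
            if ($i !~ /^[0-9A-Fa-f][0-9A-Fa-f]$/) break
            out = out toupper($i)
        }
        return out
    }
    $1 == "Session" && $2 == "Id"  && $3 == "[0000]" { id = hexrun(4) }
    $1 == "Session" && $2 == "Key" && $3 == "[0000]" {
        key = hexrun(4)
        # Assumed sizes: 8-byte session id, 16-byte session key.
        if (length(id) == 16 && length(key) == 32) {
            printf "uat:smb2_seskey_list:%s,%s\n", id, key
            n++
        }
        id = ""
    }
    END { exit (n > 0 ? 0 : 1) }'
}

# Prints the preference string for the sample; pass it to tshark with -o.
sample_dump | seskey_uat
```

The printed value is session key material: anyone holding it together with the capture can read the session, so store it with the same care as the pcap.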
..
auth auth3: Use dom_sid_str_buf 2019-01-08 03:40:27 +01:00
build source3/build/charset.py: update to handle waf 2.0.4 2018-09-05 06:37:23 +02:00
client s3:client: Use C99 initializer for poptOption in smbclient 2019-01-28 10:29:13 +01:00
exports
groupdb groupdb: Use dom_sid_str_buf 2018-12-20 23:40:24 +01:00
include s3:vfs: Correctly check if OFD locks should be enabled or not 2019-02-09 03:43:50 +01:00
intl lib: Pass mem_ctx to lock_path() 2018-08-17 11:30:10 +02:00
lib s3:vfs: Correctly check if OFD locks should be enabled or not 2019-02-09 03:43:50 +01:00
libads s3:libads: do an early return if we don't have a password for ads_kinit_password() 2018-12-23 18:15:19 +01:00
libgpo/gpext libgpo: Fix CID 1438462 Error handling issues (CHECKED_RETURN) 2018-08-22 00:58:41 +02:00
libnet libnet: Use dom_sid_str_buf 2018-12-20 23:40:25 +01:00
librpc librpc: Add kerberos tracing 2018-12-19 21:49:29 +01:00
libsmb libsmb,s3/smbd: dump SMB3+ session keys if debug parm is set 2019-02-09 21:43:25 +01:00
locale pam_winbind: initial Turkish translation 2017-11-15 13:52:05 +01:00
locking leases: Streamline leases_db_key a bit 2018-10-03 04:11:59 +02:00
modules s3:vfs: Correctly check if OFD locks should be enabled or not 2019-02-09 03:43:50 +01:00
nmbd s3:nmbd: small improvements in --help strings 2019-01-28 14:28:29 +01:00
param s3:param: Use C99 initializer for poptOption in test_lp_load 2019-01-28 10:29:15 +01:00
passdb smbd: Avoid sending S-1-22- to winbind 2019-02-08 08:51:19 +01:00
printing printing: check lp_load_printers() prior to pcap cache update 2019-02-01 19:25:03 +01:00
profile profiling: stop smbprofile from growing unnecessarily 2019-01-16 02:01:55 +01:00
registry s3:registry: Use C99 initializer for BOM 2019-01-28 10:29:23 +01:00
rpc_client s3-rpc_client: Advertise Windows 7 client info 2018-09-08 01:43:27 +02:00
rpc_server build: Get rid of hardcoded 'bin/default' in includes 2019-02-08 08:51:19 +01:00
rpcclient s3:rpcclient: Use C99 initializer for cmd_set in cmd_shutdown 2019-01-28 10:29:20 +01:00
script s3: tests: Add regression test for smbd crash on share force group change with existing connection. 2019-01-25 13:20:23 +01:00
selftest s3: tests: Add regression test for smbd crash on share force group change with existing connection. 2019-01-25 13:20:23 +01:00
services srcctl3: Improve debug messages 2018-01-16 02:43:03 +01:00
smbd libsmb,s3/smbd: dump SMB3+ session keys if debug parm is set 2019-02-09 21:43:25 +01:00
torture s3:torture: Use C99 initializer for torture_ops 2019-01-28 10:29:23 +01:00
utils utils:libgpo: re-add libgpo as library, it should not be part of gpext 2019-01-28 15:44:18 +01:00
web
winbindd winbindd: Enhance xids2sids debugging 2019-02-08 13:30:32 +01:00
.clang_complete
.dmallocrc
.indent.pro
Doxyfile
mainpage.dox
smbadduser.in
wscript vfs_glusterfs: Adapt to changes in libgfapi signatures 2019-02-03 17:00:33 +01:00
wscript_build s3:lib: add per_thread_cwd_{check,supported,disable,activate}() helper functions 2019-01-11 23:11:11 +01:00
wscript_configure_system_ncurses source3/wscript_configure_system_ncurses: update to handle waf 2.0.4 2018-09-05 06:37:24 +02:00