• Steve French's avatar
    smb3: allow decryption keys to be dumped by admin for debugging · 7e7db86c
    Steve French authored
    In order to debug certain problems it is important to be able
    to decrypt network traces (e.g. wireshark) but to do this we
    need to be able to dump out the encryption/decryption keys.
    Dumping them to an ioctl is safer than dumping then to dmesg,
    (and better than showing all keys in a pseudofile).
    
    Restrict this to root (CAP_SYS_ADMIN), and only for a mount
    that this admin has access to.
    
    Sample smbinfo output:
    SMB3.0 encryption
    Session Id:   0x82d2ec52
    Session Key:  a5 6d 81 d0 e c1 ca e1 d8 13 aa 20 e8 f2 cc 71
    Server Encryption Key:  1a c3 be ba 3d fc dc 3c e bc 93 9e 50 9e 19 c1
    Server Decryption Key:  e0 d4 d9 43 1b a2 1b e3 d8 76 77 49 56 f7 20 88
    Reviewed-by: default avatarAurelien Aptel <aaptel@suse.com>
    Pavel Shilovsky <pshilov@microsoft.com>
    Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
    7e7db86c
cifs_ioctl.h 2.25 KB