[SCM] Samba Shared Repository - branch master updated

Volker Lendecke Tue, 22 Jul 2025 08:10:21 -0700

The branch, master has been updated
       via  b72cc7ce6ac libcli/smb: use talloc_asprintf_addbuf() in 
smbXcli_session_dump_keys()
       via  8ac70dcd77d smbd: now also use smbXcli_session_dump_keys() in the 
server
       via  85123e4ad02 libcli/smb2: dump encryption key in format for 
Wireshark ~/.wireshark/smb2_seskey_list
       via  66fc47ff1da s4/libcli/smb2: dump encryption keys if enabled
       via  4824d9096c6 s4/libcli/smb2: pass lp_ctx to smb2_session_init() and 
remember debug encryption settings
       via  421e016c4ea libcli/smb: also dump signing_algo in 
smbXcli_session_dump_keys()
       via  0d517a065c4 libcli/smb: make smbXcli_session_dump_keys() usable for 
the server side
       via  73ad89c76c2 libcli/smb: move cli_session_dump_keys() to libsmb
      from  df9091b043a third_party/quic_ko_wrapper: Remove unused config check


https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit b72cc7ce6ac1d1e7dbd102a3e68cfbc6fef8cc6f
Author: Ralph Boehme <[email protected]>
Date:   Mon Jul 21 12:59:55 2025 +0200

    libcli/smb: use talloc_asprintf_addbuf() in smbXcli_session_dump_keys()
    
    Avoids DEBUGADD() which can lead to intersected output in the logfile.
    
    Signed-off-by: Ralph Boehme <[email protected]>
    Reviewed-by: Volker Lendecke <[email protected]>
    
    Autobuild-User(master): Volker Lendecke <[email protected]>
    Autobuild-Date(master): Tue Jul 22 15:09:11 UTC 2025 on atb-devel-224

commit 8ac70dcd77daa0516521ba2b90732a899832363b
Author: Ralph Boehme <[email protected]>
Date:   Sat Jul 19 08:56:29 2025 +0200

    smbd: now also use smbXcli_session_dump_keys() in the server
    
    Adds support for dumping keys in format for Wireshark
    ~/.wireshark/smb2_seskey_list
    
    Example:
    
      debug encryption: dumping generated session keys
      Session Id    [0000] 7D 00 00 E8 57 E0 31 01                             
}...W.1.
      Session Key   [0000] 71 54 77 50 C1 DD 66 68   A8 51 D8 DE 23 F4 91 01   
qTwP..fh .Q..#...
      Signing Key   [0000] B1 29 AC EF 41 30 AE D2   43 00 1F 67 87 29 BF DB   
.)..A0.. C..g.)..
      App Key       [0000] 6A 88 5C 51 51 22 FF 5C   25 95 A2 5C E2 2C FC 5D   
j.\QQ".\ %..\.,.]
      ServerIn Key  [0000] 20 08 EB A2 14 99 17 03   9C A5 9A BB B8 48 88 3C    
....... .....H.<
      ServerOut Key [0000] 15 AA C2 0D 19 AB 4C 26   64 E8 FC 94 B1 FE 27 5A   
......L& d.....'Z
      Wireshark configuration line
      
7d0000e857e03101,71547750c1dd6668a851d8de23f49101,15aac20d19ab4c2664e8fc94b1fe275a,2008eba2149917039ca59abbb848883c
    
    When setting
    
        debug encryption = yes
        debug encryption:wireshark keyfile = 
/home/slow/.wireshark/smb2_seskey_list
    
    the keys are appended directly to Wireshark's keyfile. Wireshark has to be
    restarted to pick them up.
    
    Signed-off-by: Ralph Boehme <[email protected]>
    Reviewed-by: Volker Lendecke <[email protected]>

commit 85123e4ad02b8e1c085beea43574417b9cc761d6
Author: Ralph Boehme <[email protected]>
Date:   Sat Jul 19 14:54:10 2025 +0200

    libcli/smb2: dump encryption key in format for Wireshark 
~/.wireshark/smb2_seskey_list
    
    This allows dumping the keys and quickly feeding them into Wireshark by 
adding
    them to ~/.wireshark/smb2_seskey_list.
    
    Example:
    
      debug encryption: dumping generated session keys
      Session Id    [0000] 7D 00 00 E8 57 E0 31 01                             
}...W.1.
      Session Key   [0000] 71 54 77 50 C1 DD 66 68   A8 51 D8 DE 23 F4 91 01   
qTwP..fh .Q..#...
      Signing Key   [0000] B1 29 AC EF 41 30 AE D2   43 00 1F 67 87 29 BF DB   
.)..A0.. C..g.)..
      App Key       [0000] 6A 88 5C 51 51 22 FF 5C   25 95 A2 5C E2 2C FC 5D   
j.\QQ".\ %..\.,.]
      ServerIn Key  [0000] 20 08 EB A2 14 99 17 03   9C A5 9A BB B8 48 88 3C    
....... .....H.<
      ServerOut Key [0000] 15 AA C2 0D 19 AB 4C 26   64 E8 FC 94 B1 FE 27 5A   
......L& d.....'Z
      Wireshark configuration line
      
7d0000e857e03101,71547750c1dd6668a851d8de23f49101,15aac20d19ab4c2664e8fc94b1fe275a,2008eba2149917039ca59abbb848883c
    
    When setting
    
        debug encryption = yes
        debug encryption:wireshark keyfile = 
/home/slow/.wireshark/smb2_seskey_list
    
    the keys are appended directly to Wireshark's keyfile. Wireshark has to be
    restarted to pick them up.
    
    Signed-off-by: Ralph Boehme <[email protected]>
    Reviewed-by: Volker Lendecke <[email protected]>

commit 66fc47ff1daafdf912e42a4fccafac2f2079ac7d
Author: Ralph Boehme <[email protected]>
Date:   Fri Jul 18 19:28:44 2025 +0200

    s4/libcli/smb2: dump encryption keys if enabled
    
    Signed-off-by: Ralph Boehme <[email protected]>
    Reviewed-by: Volker Lendecke <[email protected]>

commit 4824d9096c66be6eea05aa3d62ae6cfd8388bee6
Author: Ralph Boehme <[email protected]>
Date:   Fri Jul 18 19:27:48 2025 +0200

    s4/libcli/smb2: pass lp_ctx to smb2_session_init() and remember debug 
encryption settings
    
    Not yet used, that comes next.
    
    Signed-off-by: Ralph Boehme <[email protected]>
    Reviewed-by: Volker Lendecke <[email protected]>

commit 421e016c4ea53a58b7f1badc401c400322d86bb5
Author: Ralph Boehme <[email protected]>
Date:   Sat Jul 19 15:43:03 2025 +0200

    libcli/smb: also dump signing_algo in smbXcli_session_dump_keys()
    
    The server side already does that and I'm aiming for consolidating server 
and
    client code for dumping the keys.
    
    Signed-off-by: Ralph Boehme <[email protected]>
    Reviewed-by: Volker Lendecke <[email protected]>

commit 0d517a065c48c6bac02de173f29039a81055e694
Author: Ralph Boehme <[email protected]>
Date:   Sat Jul 19 14:26:50 2025 +0200

    libcli/smb: make smbXcli_session_dump_keys() usable for the server side
    
    By passing the individual keys directly instead of passing the wrapping 
state
    objects, smbXcli_session_dump_keys() can later also be used by the server 
code.
    
    No change in behaviour.
    
    Signed-off-by: Ralph Boehme <[email protected]>
    Reviewed-by: Volker Lendecke <[email protected]>

commit 73ad89c76c2f9b15d5849d3cc8e5ff6ba274c949
Author: Ralph Boehme <[email protected]>
Date:   Fri Jul 18 17:43:12 2025 +0200

    libcli/smb: move cli_session_dump_keys() to libsmb
    
    More callers to come...
    
    Signed-off-by: Ralph Boehme <[email protected]>
    Reviewed-by: Volker Lendecke <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 libcli/smb/smbXcli_base.c      | 112 +++++++++++++++++++++++++++++++++++++++++
 libcli/smb/smbXcli_base.h      |   8 +++
 source3/libsmb/cliconnect.c    |  85 ++++++++++++-------------------
 source3/smbd/smb2_sesssetup.c  |  39 ++++++--------
 source4/libcli/smb2/connect.c  |   7 ++-
 source4/libcli/smb2/session.c  |  45 +++++++++++++++++
 source4/libcli/smb2/smb2.h     |   2 +
 source4/torture/smb2/bench.c   |   1 +
 source4/torture/smb2/secleak.c |   1 +
 source4/torture/smb2/session.c |   5 ++
 source4/torture/smb2/util.c    |   1 +
 11 files changed, 228 insertions(+), 78 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 2f21973f4a7..8e5d6bf18c3 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -7599,3 +7599,115 @@ NTSTATUS smb2cli_parse_dyn_buffer(uint32_t dyn_offset,
        };
        return NT_STATUS_OK;
 }
+
+struct smbXcli_session_dump_cp_state {
+       char *s;
+};
+
+static void smbXcli_session_dump_keys_cb(const char *buf, void *private_data)
+{
+       struct smbXcli_session_dump_cp_state *state = private_data;
+
+       talloc_asprintf_addbuf(&state->s, "%s", buf);
+}
+
+void smbXcli_session_dump_keys(uint64_t session_id,
+                              DATA_BLOB *session_key,
+                              uint16_t signing_algo,
+                              DATA_BLOB *signing_key,
+                              DATA_BLOB *application_key,
+                              DATA_BLOB *encryption_key,
+                              DATA_BLOB *decryption_key,
+                              const char *wireshark_keyfile)
+{
+       struct smbXcli_session_dump_cp_state state = {
+               .s = talloc_strdup(talloc_tos(), ""),
+       };
+       DATA_BLOB sidb = {
+               .data = (uint8_t *)&session_id, .length = sizeof(session_id)
+       };
+       char *line = NULL;
+       int fd = -1;
+       ssize_t written;
+
+       talloc_asprintf_addbuf(&state.s, "debug encryption: dumping generated 
session keys\n");
+       talloc_asprintf_addbuf(&state.s, "Session Id    ");
+       dump_data_cb((uint8_t*)&session_id,
+                    sizeof(session_id),
+                    false,
+                    smbXcli_session_dump_keys_cb,
+                    &state);
+       talloc_asprintf_addbuf(&state.s, "Session Key   ");
+       dump_data_cb(session_key->data,
+                    session_key->length,
+                    false,
+                    smbXcli_session_dump_keys_cb,
+                    &state);
+       talloc_asprintf_addbuf(&state.s, "Signing Algo: %u\n", signing_algo);
+       talloc_asprintf_addbuf(&state.s, "Signing Key   ");
+       dump_data_cb(signing_key->data,
+                    signing_key->length,
+                    false,
+                    smbXcli_session_dump_keys_cb,
+                    &state);
+       talloc_asprintf_addbuf(&state.s, "App Key       ");
+       dump_data_cb(application_key->data,
+                    application_key->length,
+                    false,
+                    smbXcli_session_dump_keys_cb,
+                    &state);
+
+       /* In client code, ServerIn is the encryption key */
+
+       talloc_asprintf_addbuf(&state.s, "ServerIn Key  ");
+       dump_data_cb(encryption_key->data,
+                    encryption_key->length,
+                    false,
+                    smbXcli_session_dump_keys_cb,
+                    &state);
+       talloc_asprintf_addbuf(&state.s, "ServerOut Key ");
+       dump_data_cb(decryption_key->data,
+                    decryption_key->length,
+                    false,
+                    smbXcli_session_dump_keys_cb,
+                    &state);
+
+       talloc_asprintf_addbuf(&state.s, "Wireshark configuration line:\n");
+       line = talloc_asprintf(
+               talloc_tos(),
+               "%s,%s,%s,%s\n",
+               data_blob_hex_string_lower(state.s, &sidb),
+               data_blob_hex_string_lower(state.s, session_key),
+               data_blob_hex_string_lower(state.s, decryption_key),
+               data_blob_hex_string_lower(state.s, encryption_key));
+       if (line == NULL) {
+               goto done;
+       }
+       talloc_asprintf_addbuf(&state.s, "%s", line);
+
+       DEBUG(0, ("%s", state.s));
+
+       if (wireshark_keyfile == NULL) {
+               goto done;
+       }
+       fd = open(wireshark_keyfile, O_WRONLY | O_APPEND);
+       if (fd == -1) {
+               DBG_ERR("Failed to open '%s': %s\n",
+                       wireshark_keyfile, strerror(errno));
+               goto done;
+       }
+
+       written = write(fd, line, strlen(line));
+       if (written != strlen(line)) {
+               DBG_ERR("Failed to write '%s' to '%s', only wrote: %zd\n",
+                       line, wireshark_keyfile, written);
+               goto done;
+       }
+
+done:
+       TALLOC_FREE(line);
+       TALLOC_FREE(state.s);
+       if (fd != -1) {
+               close(fd);
+       }
+}
diff --git a/libcli/smb/smbXcli_base.h b/libcli/smb/smbXcli_base.h
index 8b5db773c98..0e6bc468a18 100644
--- a/libcli/smb/smbXcli_base.h
+++ b/libcli/smb/smbXcli_base.h
@@ -530,6 +530,14 @@ struct smbXcli_session 
*smbXcli_session_shallow_copy(TALLOC_CTX *mem_ctx,
                                               struct smbXcli_session *src);
 bool smbXcli_session_is_guest(struct smbXcli_session *session);
 bool smbXcli_session_is_authenticated(struct smbXcli_session *session);
+void smbXcli_session_dump_keys(uint64_t session_id,
+                              DATA_BLOB *session_key,
+                              uint16_t signing_algo,
+                              DATA_BLOB *signing_key,
+                              DATA_BLOB *application_key,
+                              DATA_BLOB *encryption_key,
+                              DATA_BLOB *decryption_key,
+                              const char *wireshark_keyfile);
 NTSTATUS smb2cli_session_signing_key(struct smbXcli_session *session,
                                     TALLOC_CTX *mem_ctx,
                                     DATA_BLOB *key);
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 82aef739d57..116f746d37e 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -993,58 +993,6 @@ static void cli_session_setup_gensec_remote_done(struct 
tevent_req *subreq)
        cli_session_setup_gensec_local_next(req);
 }
 
-static void cli_session_dump_keys(TALLOC_CTX *mem_ctx,
-                                 struct smbXcli_session *session,
-                                 DATA_BLOB session_key)
-{
-       NTSTATUS status;
-       DATA_BLOB sig = data_blob_null;
-       DATA_BLOB app = data_blob_null;
-       DATA_BLOB enc = data_blob_null;
-       DATA_BLOB dec = data_blob_null;
-       uint64_t sid = smb2cli_session_current_id(session);
-
-       status = smb2cli_session_signing_key(session, mem_ctx, &sig);
-       if (!NT_STATUS_IS_OK(status)) {
-               goto out;
-       }
-       status = smbXcli_session_application_key(session, mem_ctx, &app);
-       if (!NT_STATUS_IS_OK(status)) {
-               goto out;
-       }
-       status = smb2cli_session_encryption_key(session, mem_ctx, &enc);
-       if (!NT_STATUS_IS_OK(status)) {
-               goto out;
-       }
-       status = smb2cli_session_decryption_key(session, mem_ctx, &dec);
-       if (!NT_STATUS_IS_OK(status)) {
-               goto out;
-       }
-
-       DEBUG(0, ("debug encryption: dumping generated session keys\n"));
-       DEBUGADD(0, ("Session Id    "));
-       dump_data(0, (uint8_t*)&sid, sizeof(sid));
-       DEBUGADD(0, ("Session Key   "));
-       dump_data(0, session_key.data, session_key.length);
-       DEBUGADD(0, ("Signing Key   "));
-       dump_data(0, sig.data, sig.length);
-       DEBUGADD(0, ("App Key       "));
-       dump_data(0, app.data, app.length);
-
-       /* In client code, ServerIn is the encryption key */
-
-       DEBUGADD(0, ("ServerIn Key  "));
-       dump_data(0, enc.data, enc.length);
-       DEBUGADD(0, ("ServerOut Key "));
-       dump_data(0, dec.data, dec.length);
-
-out:
-       data_blob_clear_free(&sig);
-       data_blob_clear_free(&app);
-       data_blob_clear_free(&enc);
-       data_blob_clear_free(&dec);
-}
-
 static void cli_session_setup_gensec_ready(struct tevent_req *req)
 {
        struct cli_session_setup_gensec_state *state =
@@ -1115,7 +1063,38 @@ static void cli_session_setup_gensec_ready(struct 
tevent_req *req)
                if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB3_00
                    && lp_debug_encryption())
                {
-                       cli_session_dump_keys(state, session, 
state->session_key);
+                       DATA_BLOB sig, app, enc, dec;
+                       const char *wireshark_keyfile = lp_parm_const_string(
+                               GLOBAL_SECTION_SNUM,
+                               "debug encryption",
+                               "wireshark keyfile",
+                               NULL);
+
+                       status = smb2cli_session_signing_key(session, state, 
&sig);
+                       if (tevent_req_nterror(req, status)) {
+                               return;
+                       }
+                       status = smbXcli_session_application_key(session, 
state, &app);
+                       if (tevent_req_nterror(req, status)) {
+                               return;
+                       }
+                       status = smb2cli_session_encryption_key(session, state, 
&enc);
+                       if (tevent_req_nterror(req, status)) {
+                               return;
+                       }
+                       status = smb2cli_session_decryption_key(session, state, 
&dec);
+                       if (tevent_req_nterror(req, status)) {
+                               return;
+                       }
+
+                       
smbXcli_session_dump_keys(smb2cli_session_current_id(session),
+                                                 &state->session_key,
+                                                 
smb2cli_conn_server_signing_algo(state->cli->conn),
+                                                 &sig,
+                                                 &app,
+                                                 &enc,
+                                                 &dec,
+                                                 wireshark_keyfile);
                }
        } else {
                struct smbXcli_session *session = state->cli->smb1.session;
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 4be53c8a2d0..de98979788c 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -30,6 +30,7 @@
 #include "../libcli/security/security.h"
 #include "../lib/util/tevent_ntstatus.h"
 #include "source3/lib/substitute.h"
+#include "libcli/smb/smbXcli_base.h"
 
 #include "lib/crypto/gnutls_helpers.h"
 #include <gnutls/gnutls.h>
@@ -384,30 +385,20 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct 
smbXsrv_session *session,
        x->global->application_key_blob = x->global->application_key->blob;
 
        if (xconn->protocol >= PROTOCOL_SMB3_00 && lp_debug_encryption()) {
-               DEBUG(0, ("debug encryption: dumping generated session 
keys\n"));
-               DEBUGADD(0, ("Session Id    "));
-               dump_data(0, (uint8_t*)&session->global->session_wire_id,
-                         sizeof(session->global->session_wire_id));
-               DEBUGADD(0, ("Session Key   "));
-               dump_data(0, session_info->session_key.data,
-                         session_info->session_key.length);
-               DEBUGADD(0, ("Signing Algo: %u\n", x->global->signing_algo));
-               DEBUGADD(0, ("Signing Key   "));
-               dump_data(0, x->global->signing_key_blob.data,
-                         x->global->signing_key_blob.length);
-               DEBUGADD(0, ("App Key       "));
-               dump_data(0, x->global->application_key_blob.data,
-                         x->global->application_key_blob.length);
-
-               /* In server code, ServerIn is the decryption key */
-
-               DEBUGADD(0, ("Cipher Algo: %u\n", 
x->global->encryption_cipher));
-               DEBUGADD(0, ("ServerIn Key  "));
-               dump_data(0, x->global->decryption_key_blob.data,
-                         x->global->decryption_key_blob.length);
-               DEBUGADD(0, ("ServerOut Key "));
-               dump_data(0, x->global->encryption_key_blob.data,
-                         x->global->encryption_key_blob.length);
+               const char *wireshark_keyfile = lp_parm_const_string(
+                       GLOBAL_SECTION_SNUM,
+                       "debug encryption",
+                       "wireshark keyfile",
+                       NULL);
+
+               smbXcli_session_dump_keys(session->global->session_wire_id,
+                                         &session_info->session_key,
+                                         x->global->signing_algo,
+                                         &x->global->signing_key_blob,
+                                         &x->global->application_key_blob,
+                                         &x->global->encryption_key_blob,
+                                         &x->global->decryption_key_blob,
+                                         wireshark_keyfile);
        }
 
        status = smb2_signing_key_copy(x->global->channels,
diff --git a/source4/libcli/smb2/connect.c b/source4/libcli/smb2/connect.c
index b1c2b56a3e0..92b3364c6c2 100644
--- a/source4/libcli/smb2/connect.c
+++ b/source4/libcli/smb2/connect.c
@@ -36,6 +36,7 @@
 struct smb2_connect_state {
        struct tevent_context *ev;
        struct cli_credentials *credentials;
+       struct loadparm_context *lp_ctx;
        bool fallback_to_anonymous;
        uint64_t previous_session_id;
        struct resolve_context *resolve_ctx;
@@ -86,6 +87,7 @@ struct tevent_req *smb2_connect_send(TALLOC_CTX *mem_ctx,
 
        state->ev = ev;
        state->credentials = credentials;
+       state->lp_ctx = lp_ctx;
        state->fallback_to_anonymous = fallback_to_anonymous;
        state->previous_session_id = previous_session_id;
        state->options = *options;
@@ -214,7 +216,10 @@ static void smb2_connect_session_start(struct tevent_req 
*req)
        struct smb2_transport *transport = state->transport;
        struct tevent_req *subreq = NULL;
 
-       state->session = smb2_session_init(transport, state->gensec_settings, 
state);
+       state->session = smb2_session_init(transport,
+                                          state->lp_ctx,
+                                          state->gensec_settings,
+                                          state);
        if (tevent_req_nomem(state->session, req)) {
                return;
        }
diff --git a/source4/libcli/smb2/session.c b/source4/libcli/smb2/session.c
index 322a7bd6860..2e9d32a98e5 100644
--- a/source4/libcli/smb2/session.c
+++ b/source4/libcli/smb2/session.c
@@ -29,11 +29,13 @@
 #include "auth/gensec/gensec.h"
 #include "auth/credentials/credentials.h"
 #include "../libcli/smb/smbXcli_base.h"
+#include "lib/param/param.h"
 
 /**
   initialise a smb2_session structure
  */
 struct smb2_session *smb2_session_init(struct smb2_transport *transport,
+                                      struct loadparm_context *lp_ctx,
                                       struct gensec_settings *settings,
                                       TALLOC_CTX *parent_ctx)
 {
@@ -45,6 +47,11 @@ struct smb2_session *smb2_session_init(struct smb2_transport 
*transport,
                return NULL;
        }
        session->transport = talloc_steal(session, transport);
+       session->debug_encryption = lpcfg_debug_encryption(lp_ctx);
+       session->wireshark_keyfile = lpcfg_parm_string(lp_ctx,
+                                                      NULL,
+                                                      "debug encryption",
+                                                      "wireshark keyfile");
 
        session->smbXcli = smbXcli_session_create(session, transport->conn);
        if (session->smbXcli == NULL) {
@@ -426,6 +433,44 @@ static void smb2_session_setup_spnego_both_ready(struct 
tevent_req *req)
                if (tevent_req_nterror(req, status)) {
                        return;
                }
+               if ((smbXcli_conn_protocol(session->transport->conn) >=
+                    PROTOCOL_SMB3_00)
+                   && session->debug_encryption)
+               {
+                       DATA_BLOB sig, app, enc, dec;
+
+                       status = smb2cli_session_signing_key(
+                               session->smbXcli, state, &sig);
+                       if (tevent_req_nterror(req, status)) {
+                               return;
+                       }
+                       status = smbXcli_session_application_key(
+                               session->smbXcli, state, &app);
+                       if (tevent_req_nterror(req, status)) {
+                               return;
+                       }
+                       status = smb2cli_session_encryption_key(
+                               session->smbXcli, state, &enc);
+                       if (tevent_req_nterror(req, status)) {
+                               return;
+                       }
+                       status = smb2cli_session_decryption_key(
+                               session->smbXcli, state, &dec);
+                       if (tevent_req_nterror(req, status)) {
+                               return;
+                       }
+
+                       smbXcli_session_dump_keys(
+                               smb2cli_session_current_id(session->smbXcli),
+                               &session_key,
+                               smb2cli_conn_server_signing_algo(
+                                       session->transport->conn),
+                               &sig,
+                               &app,
+                               &enc,
+                               &dec,
+                               session->wireshark_keyfile);
+               }
        }
        tevent_req_done(req);
        return;
diff --git a/source4/libcli/smb2/smb2.h b/source4/libcli/smb2/smb2.h
index 1e2f1859fb4..987b1f6bfcb 100644
--- a/source4/libcli/smb2/smb2.h
+++ b/source4/libcli/smb2/smb2.h
@@ -129,6 +129,8 @@ struct smb2_session {
        struct smbXcli_session *smbXcli;
        bool needs_bind;
        bool anonymous_session_key;
+       bool debug_encryption;
+       const char *wireshark_keyfile;
        DATA_BLOB forced_session_key;
 };
 
diff --git a/source4/torture/smb2/bench.c b/source4/torture/smb2/bench.c
index e16409bae18..48c7aabea4f 100644
--- a/source4/torture/smb2/bench.c
+++ b/source4/torture/smb2/bench.c
@@ -1475,6 +1475,7 @@ static void test_smb2_bench_session_setup_loop_do_setup(
        struct test_smb2_bench_session_setup_shared_state *state = loop->state;
 
        loop->session = smb2_session_init(loop->conn->transport,
+                                         state->tctx->lp_ctx,
                                          state->gensec_settings,
                                          loop->conn->transport);
        torture_assert_goto(state->tctx, loop->session != NULL,
diff --git a/source4/torture/smb2/secleak.c b/source4/torture/smb2/secleak.c
index ca709ed2f0f..10d4548d107 100644
--- a/source4/torture/smb2/secleak.c
+++ b/source4/torture/smb2/secleak.c
@@ -43,6 +43,7 @@ static bool try_failed_login(struct torture_context *tctx, 
struct smb2_tree *tre
        bool result = true;
 
        session = smb2_session_init(tree->session->transport,
+                                   tctx->lp_ctx,
                                    lpcfg_gensec_settings(tctx, tctx->lp_ctx),
                                    tctx);
        torture_assert(tctx, session, "Session initialization failed");
diff --git a/source4/torture/smb2/session.c b/source4/torture/smb2/session.c
index f8f4eac511f..9e80fb554c5 100644
--- a/source4/torture/smb2/session.c
+++ b/source4/torture/smb2/session.c
@@ -2451,6 +2451,7 @@ static bool test_session_bind_auth_mismatch(struct 
torture_context *tctx,
         * are mapped to guest.
         */
        session3_1 = smb2_session_init(transport1,
+                                      tctx->lp_ctx,
                                       lpcfg_gensec_settings(tctx, 
tctx->lp_ctx),
                                       tctx);
        torture_assert(tctx, session3_1 != NULL, "smb2_session_channel failed");
@@ -2805,6 +2806,7 @@ static bool test_session_bind_negative_smbXtoX(struct 
torture_context *tctx,
         * session keys.
         */
        session1_2 = smb2_session_init(transport2,
+                                      tctx->lp_ctx,
                                       lpcfg_gensec_settings(tctx, 
tctx->lp_ctx),
                                       tree2_0);
        torture_assert(tctx, session1_2 != NULL, "smb2_session_channel failed");
@@ -5772,6 +5774,7 @@ static bool test_session_anon_encryption2(struct 
torture_context *tctx,
        torture_assert(tctx, ok, "smbXcli_session_is_authenticated(user)");
 
        anon_session = smb2_session_init(transport,
+                                        tctx->lp_ctx,
                                         lpcfg_gensec_settings(tctx, 
tctx->lp_ctx),
                                         tctx);
        torture_assert(tctx, anon_session != NULL, "smb2_session_init(anon)");
@@ -5919,6 +5922,7 @@ static bool test_session_anon_encryption3(struct 
torture_context *tctx,
        torture_assert(tctx, ok, "smbXcli_session_is_authenticated(user)");
 
        anon_session = smb2_session_init(transport,
+                                        tctx->lp_ctx,
                                         lpcfg_gensec_settings(tctx, 
tctx->lp_ctx),
                                         tctx);
        torture_assert(tctx, anon_session != NULL, "smb2_session_init(anon)");
@@ -6153,6 +6157,7 @@ static bool test_session_anon_signing2(struct 
torture_context *tctx,
         */
        session_id = smb2cli_session_current_id(anon_session->smbXcli);
        anon_session_nosign = smb2_session_init(transport,
+                                               tctx->lp_ctx,
                                                lpcfg_gensec_settings(tctx, 
tctx->lp_ctx),
                                                tctx);
        torture_assert(tctx, anon_session_nosign != NULL, 
"smb2_session_init(anon_nosign)");
diff --git a/source4/torture/smb2/util.c b/source4/torture/smb2/util.c
index 65989db0325..22b11e425b6 100644
--- a/source4/torture/smb2/util.c
+++ b/source4/torture/smb2/util.c
@@ -364,6 +364,7 @@ bool torture_smb2_session_setup(struct torture_context 
*tctx,
        struct smb2_session *session;
 
        session = smb2_session_init(transport,
+                                   tctx->lp_ctx,
                                    lpcfg_gensec_settings(tctx, tctx->lp_ctx),
                                    mem_ctx);
 


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

Reply via email to