mirror of
https://github.com/brain-hackers/linux-brain.git
synced 2024-06-09 23:36:23 +09:00
7e7db86c7e
In order to debug certain problems it is important to be able to decrypt network traces (e.g. wireshark) but to do this we need to be able to dump out the encryption/decryption keys. Dumping them to an ioctl is safer than dumping then to dmesg, (and better than showing all keys in a pseudofile). Restrict this to root (CAP_SYS_ADMIN), and only for a mount that this admin has access to. Sample smbinfo output: SMB3.0 encryption Session Id: 0x82d2ec52 Session Key: a5 6d 81 d0 e c1 ca e1 d8 13 aa 20 e8 f2 cc 71 Server Encryption Key: 1a c3 be ba 3d fc dc 3c e bc 93 9e 50 9e 19 c1 Server Decryption Key: e0 d4 d9 43 1b a2 1b e3 d8 76 77 49 56 f7 20 88 Reviewed-by: Aurelien Aptel <aaptel@suse.com> Pavel Shilovsky <pshilov@microsoft.com> Signed-off-by: Steve French <stfrench@microsoft.com>
75 lines
2.2 KiB
C
75 lines
2.2 KiB
C
/*
|
|
* fs/cifs/cifs_ioctl.h
|
|
*
|
|
* Structure definitions for io control for cifs/smb3
|
|
*
|
|
* Copyright (c) 2015 Steve French <steve.french@primarydata.com>
|
|
*
|
|
* This library is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU Lesser General Public License as published
|
|
* by the Free Software Foundation; either version 2.1 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
|
|
* the GNU Lesser General Public License for more details.
|
|
*
|
|
*/
|
|
|
|
struct smb_mnt_fs_info {
|
|
__u32 version; /* 0001 */
|
|
__u16 protocol_id;
|
|
__u16 tcon_flags;
|
|
__u32 vol_serial_number;
|
|
__u32 vol_create_time;
|
|
__u32 share_caps;
|
|
__u32 share_flags;
|
|
__u32 sector_flags;
|
|
__u32 optimal_sector_size;
|
|
__u32 max_bytes_chunk;
|
|
__u32 fs_attributes;
|
|
__u32 max_path_component;
|
|
__u32 device_type;
|
|
__u32 device_characteristics;
|
|
__u32 maximal_access;
|
|
__u64 cifs_posix_caps;
|
|
} __packed;
|
|
|
|
struct smb_snapshot_array {
|
|
__u32 number_of_snapshots;
|
|
__u32 number_of_snapshots_returned;
|
|
__u32 snapshot_array_size;
|
|
/* snapshots[]; */
|
|
} __packed;
|
|
|
|
/* query_info flags */
|
|
#define PASSTHRU_QUERY_INFO 0x00000000
|
|
#define PASSTHRU_FSCTL 0x00000001
|
|
#define PASSTHRU_SET_INFO 0x00000002
|
|
struct smb_query_info {
|
|
__u32 info_type;
|
|
__u32 file_info_class;
|
|
__u32 additional_information;
|
|
__u32 flags;
|
|
__u32 input_buffer_length;
|
|
__u32 output_buffer_length;
|
|
/* char buffer[]; */
|
|
} __packed;
|
|
|
|
struct smb3_key_debug_info {
|
|
__u64 Suid;
|
|
__u16 cipher_type;
|
|
__u8 auth_key[16]; /* SMB2_NTLMV2_SESSKEY_SIZE */
|
|
__u8 smb3encryptionkey[SMB3_SIGN_KEY_SIZE];
|
|
__u8 smb3decryptionkey[SMB3_SIGN_KEY_SIZE];
|
|
} __packed;
|
|
|
|
#define CIFS_IOCTL_MAGIC 0xCF
|
|
#define CIFS_IOC_COPYCHUNK_FILE _IOW(CIFS_IOCTL_MAGIC, 3, int)
|
|
#define CIFS_IOC_SET_INTEGRITY _IO(CIFS_IOCTL_MAGIC, 4)
|
|
#define CIFS_IOC_GET_MNT_INFO _IOR(CIFS_IOCTL_MAGIC, 5, struct smb_mnt_fs_info)
|
|
#define CIFS_ENUMERATE_SNAPSHOTS _IOR(CIFS_IOCTL_MAGIC, 6, struct smb_snapshot_array)
|
|
#define CIFS_QUERY_INFO _IOWR(CIFS_IOCTL_MAGIC, 7, struct smb_query_info)
|
|
#define CIFS_DUMP_KEY _IOWR(CIFS_IOCTL_MAGIC, 8, struct smb3_key_debug_info)
|