]> git.ipfire.org Git - thirdparty/kernel/linux.git/commitdiff
projects / thirdparty / kernel / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1e689a5)
ksmbd: Don't log keys in SMB3 signing and encryption key generation
authorThorsten Blum <thorsten.blum@linux.dev>
Tue, 3 Mar 2026 13:25:53 +0000 (14:25 +0100)
committerSteve French <stfrench@microsoft.com>
Mon, 9 Mar 2026 02:28:39 +0000 (21:28 -0500)
When KSMBD_DEBUG_AUTH logging is enabled, generate_smb3signingkey() and
generate_smb3encryptionkey() log the session, signing, encryption, and
decryption key bytes. Remove the logs to avoid exposing credentials.

Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
Cc: stable@vger.kernel.org
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
fs/smb/server/auth.c patch | blob | blame | history

diff --git a/fs/smb/server/auth.c b/fs/smb/server/auth.c
index 5fe8c667c6b1d9bd7cd40dfc47aea1211fc7d03f..af5f4030433171e2523833259dbead30dc881c42 100644 (file)
--- a/fs/smb/server/auth.c
+++ b/fs/smb/server/auth.c
@@ -589,12 +589,8 @@ static int generate_smb3signingkey(struct ksmbd_session *sess,
        if (!(conn->dialect >= SMB30_PROT_ID && signing->binding))
                memcpy(chann->smb3signingkey, key, SMB3_SIGN_KEY_SIZE);
 
-       ksmbd_debug(AUTH, "dumping generated AES signing keys\n");
+       ksmbd_debug(AUTH, "generated SMB3 signing key\n");
        ksmbd_debug(AUTH, "Session Id    %llu\n", sess->id);
-       ksmbd_debug(AUTH, "Session Key   %*ph\n",
-                   SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key);
-       ksmbd_debug(AUTH, "Signing Key   %*ph\n",
-                   SMB3_SIGN_KEY_SIZE, key);
        return 0;
 }
 
@@ -652,23 +648,9 @@ static void generate_smb3encryptionkey(struct ksmbd_conn *conn,
                     ptwin->decryption.context,
                     sess->smb3decryptionkey, SMB3_ENC_DEC_KEY_SIZE);
 
-       ksmbd_debug(AUTH, "dumping generated AES encryption keys\n");
+       ksmbd_debug(AUTH, "generated SMB3 encryption/decryption keys\n");
        ksmbd_debug(AUTH, "Cipher type   %d\n", conn->cipher_type);
        ksmbd_debug(AUTH, "Session Id    %llu\n", sess->id);
-       ksmbd_debug(AUTH, "Session Key   %*ph\n",
-                   SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key);
-       if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
-           conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) {
-               ksmbd_debug(AUTH, "ServerIn Key  %*ph\n",
-                           SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3encryptionkey);
-               ksmbd_debug(AUTH, "ServerOut Key %*ph\n",
-                           SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3decryptionkey);
-       } else {
-               ksmbd_debug(AUTH, "ServerIn Key  %*ph\n",
-                           SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3encryptionkey);
-               ksmbd_debug(AUTH, "ServerOut Key %*ph\n",
-                           SMB3_GCM128_CRYPTKEY_SIZE, sess->smb3decryptionkey);
-       }
 }
 
 void ksmbd_gen_smb30_encryptionkey(struct ksmbd_conn *conn,
A mirror of Linus' kernel repository