diff options
author | Aurelien Aptel <aaptel@suse.com> | 2019-02-08 12:04:42 +0100 |
---|---|---|
committer | David Disseldorp <ddiss@samba.org> | 2019-02-09 18:30:14 +0100 |
commit | 0732499f23cebe6c5e24f596ff4fe41f8ab1d156 (patch) | |
tree | b3ffb69bbe60606a4c5c67cc052e5e6c16b1bb7f /docs-xml | |
parent | 67825c96473ff8731af415683b4a74caca7a6809 (diff) | |
download | samba-0732499f23cebe6c5e24f596ff4fe41f8ab1d156.tar.gz |
docs-xml: add "debug encryption" global parm
Add debug option to dump in the log the session id & keys in smbd and
libsmb-based code for offline decryption.
Wireshark can make use of this to decrypt encrypted traffic.
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Diffstat (limited to 'docs-xml')
-rw-r--r-- | docs-xml/smbdotconf/security/debugencryption.xml | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/security/debugencryption.xml b/docs-xml/smbdotconf/security/debugencryption.xml new file mode 100644 index 00000000000..5b51b4afe0e --- /dev/null +++ b/docs-xml/smbdotconf/security/debugencryption.xml @@ -0,0 +1,22 @@ +<samba:parameter name="debug encryption" + context="G" + type="boolean" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> + <description> + <para> + This option will make the smbd server and client code using + libsmb (smbclient, smbget, smbspool, ...) dump the Session Id, + the decrypted Session Key, the Signing Key, the Application Key, + the Encryption Key and the Decryption Key every time an SMB3+ + session is established. This information will be printed in logs + at level 0. + </para> + <para> + Warning: access to these values enables the decryption of any + encrypted traffic on the dumped sessions. This option should + only be enabled for debugging purposes. + </para> + </description> + + <value type="default">no</value> +</samba:parameter> |