sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-11 16:58:40 +03:00
Code

s3:utils: let smbstatus report anonymous signing/encryption explicitly

Browse Source 
We should mark sessions/tcons with anonymous encryption or signing
in a special way, as the value of it is void, all based on a
session key with 16 zero bytes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu May 23 13:37:09 UTC 2024 on atb-devel-224

(cherry picked from commit 5a54c9b28abb1464c84cb4be15a49718d8ae6795)
This commit is contained in:
Stefan Metzmacher 2023-07-03 15:14:38 +02:00
parent 9530c418a3
commit 2954489bd5
3 changed files with 31 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
source3/utils/status.c
View File

@ -493,6 +493,8 @@ static int traverse_connections_stdout(struct traverse_state *state,
if (encryption_degree == CRYPTO_DEGREE_FULL) {
fstr_sprintf(encryption, "%s", encryption_cipher);
} else if (encryption_degree == CRYPTO_DEGREE_ANONYMOUS) {
fstr_sprintf(encryption, "anonymous(%s)", encryption_cipher);
} else if (encryption_degree == CRYPTO_DEGREE_PARTIAL) {
fstr_sprintf(encryption, "partial(%s)", encryption_cipher);
} else {
@ -500,6 +502,8 @@ static int traverse_connections_stdout(struct traverse_state *state,
}
if (signing_degree == CRYPTO_DEGREE_FULL) {
fstr_sprintf(signing, "%s", signing_cipher);
} else if (signing_degree == CRYPTO_DEGREE_ANONYMOUS) {
fstr_sprintf(signing, "anonymous(%s)", signing_cipher);
} else if (signing_degree == CRYPTO_DEGREE_PARTIAL) {
fstr_sprintf(signing, "partial(%s)", signing_cipher);
} else {
@ -586,6 +590,11 @@ static int traverse_connections(const struct connections_data *crec,
} else if (smbXsrv_is_partially_encrypted(crec->encryption_flags)) {
encryption_degree = CRYPTO_DEGREE_PARTIAL;
}
if (encryption_degree != CRYPTO_DEGREE_NONE &&
!crec->authenticated)
{
encryption_degree = CRYPTO_DEGREE_ANONYMOUS;
}
}
if (smbXsrv_is_signed(crec->signing_flags) ||
@ -613,6 +622,11 @@ static int traverse_connections(const struct connections_data *crec,
} else if (smbXsrv_is_partially_signed(crec->signing_flags)) {
signing_degree = CRYPTO_DEGREE_PARTIAL;
}
if (signing_degree != CRYPTO_DEGREE_NONE &&
!crec->authenticated)
{
signing_degree = CRYPTO_DEGREE_ANONYMOUS;
}
}
if (!state->json_output) {
@ -655,6 +669,8 @@ static int traverse_sessionid_stdout(struct traverse_state *state,
if (encryption_degree == CRYPTO_DEGREE_FULL) {
fstr_sprintf(encryption, "%s", encryption_cipher);
} else if (encryption_degree == CRYPTO_DEGREE_ANONYMOUS) {
fstr_sprintf(encryption, "anonymous(%s)", encryption_cipher);
} else if (encryption_degree == CRYPTO_DEGREE_PARTIAL) {
fstr_sprintf(encryption, "partial(%s)", encryption_cipher);
} else {
@ -662,6 +678,8 @@ static int traverse_sessionid_stdout(struct traverse_state *state,
}
if (signing_degree == CRYPTO_DEGREE_FULL) {
fstr_sprintf(signing, "%s", signing_cipher);
} else if (signing_degree == CRYPTO_DEGREE_ANONYMOUS) {
fstr_sprintf(signing, "anonymous(%s)", signing_cipher);
} else if (signing_degree == CRYPTO_DEGREE_PARTIAL) {
fstr_sprintf(signing, "partial(%s)", signing_cipher);
} else {
@ -796,6 +814,11 @@ static int traverse_sessionid(const char *key, struct sessionid *session,
} else if (smbXsrv_is_partially_encrypted(session->encryption_flags)) {
encryption_degree = CRYPTO_DEGREE_PARTIAL;
}
if (encryption_degree != CRYPTO_DEGREE_NONE &&
!session->authenticated)
{
encryption_degree = CRYPTO_DEGREE_ANONYMOUS;
}
}
if (smbXsrv_is_signed(session->signing_flags) ||
@ -823,6 +846,11 @@ static int traverse_sessionid(const char *key, struct sessionid *session,
} else if (smbXsrv_is_partially_signed(session->signing_flags)) {
signing_degree = CRYPTO_DEGREE_PARTIAL;
}
if (signing_degree != CRYPTO_DEGREE_NONE &&
!session->authenticated)
{
signing_degree = CRYPTO_DEGREE_ANONYMOUS;
}
}

1
source3/utils/status.h
View File

@ -38,6 +38,7 @@ struct traverse_state {
enum crypto_degree {
CRYPTO_DEGREE_NONE,
CRYPTO_DEGREE_PARTIAL,
CRYPTO_DEGREE_ANONYMOUS,
CRYPTO_DEGREE_FULL
};

2
source3/utils/status_json.c
View File

@ -258,6 +258,8 @@ static int add_crypto_to_json(struct json_object *parent_json,
if (degree == CRYPTO_DEGREE_NONE) {
degree_str = "none";
} else if (degree == CRYPTO_DEGREE_ANONYMOUS) {
degree_str = "anonymous";
} else if (degree == CRYPTO_DEGREE_PARTIAL) {
degree_str = "partial";
} else {