mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
auth:creds: Add cli_credentials_(get|set)_smb_ipc_signing()
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
parent
098774b244
commit
71d65278e1
@ -46,6 +46,12 @@ _PUBLIC_ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx)
|
|||||||
|
|
||||||
cred->signing_state = SMB_SIGNING_DEFAULT;
|
cred->signing_state = SMB_SIGNING_DEFAULT;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* The default value of lpcfg_client_ipc_signing() is REQUIRED, so use
|
||||||
|
* the same value here.
|
||||||
|
*/
|
||||||
|
cred->ipc_signing_state = SMB_SIGNING_REQUIRED;
|
||||||
|
|
||||||
return cred;
|
return cred;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -930,6 +936,12 @@ _PUBLIC_ void cli_credentials_set_conf(struct cli_credentials *cred,
|
|||||||
cred->signing_state = lpcfg_client_signing(lp_ctx);
|
cred->signing_state = lpcfg_client_signing(lp_ctx);
|
||||||
cred->signing_state_obtained = CRED_SMB_CONF;
|
cred->signing_state_obtained = CRED_SMB_CONF;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (cred->ipc_signing_state_obtained <= CRED_SMB_CONF) {
|
||||||
|
/* Will be set to required for invalid smb.conf values */
|
||||||
|
cred->ipc_signing_state = lpcfg_client_ipc_signing(lp_ctx);
|
||||||
|
cred->ipc_signing_state_obtained = CRED_SMB_CONF;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -1350,6 +1362,45 @@ cli_credentials_get_smb_signing(struct cli_credentials *creds)
|
|||||||
return creds->signing_state;
|
return creds->signing_state;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Set the SMB IPC signing state to request for a SMB connection.
|
||||||
|
*
|
||||||
|
* @param[in] creds The credentials structure to update.
|
||||||
|
*
|
||||||
|
* @param[in] signing_state The signing state to set.
|
||||||
|
*
|
||||||
|
* @param obtained This way the described signing state was specified.
|
||||||
|
*
|
||||||
|
* @return true if we could set the signing state, false otherwise.
|
||||||
|
*/
|
||||||
|
_PUBLIC_ bool
|
||||||
|
cli_credentials_set_smb_ipc_signing(struct cli_credentials *creds,
|
||||||
|
enum smb_signing_setting ipc_signing_state,
|
||||||
|
enum credentials_obtained obtained)
|
||||||
|
{
|
||||||
|
if (obtained >= creds->ipc_signing_state_obtained) {
|
||||||
|
creds->ipc_signing_state_obtained = obtained;
|
||||||
|
creds->ipc_signing_state = ipc_signing_state;
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Obtain the SMB IPC signing state from a credentials structure.
|
||||||
|
*
|
||||||
|
* @param[in] creds The credential structure to obtain the SMB IPC signing
|
||||||
|
* state from.
|
||||||
|
*
|
||||||
|
* @return The SMB singing state.
|
||||||
|
*/
|
||||||
|
_PUBLIC_ enum smb_signing_setting
|
||||||
|
cli_credentials_get_smb_ipc_signing(struct cli_credentials *creds)
|
||||||
|
{
|
||||||
|
return creds->ipc_signing_state;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Encrypt a data blob using the session key and the negotiated encryption
|
* Encrypt a data blob using the session key and the negotiated encryption
|
||||||
* algorithm
|
* algorithm
|
||||||
|
@ -297,6 +297,12 @@ bool cli_credentials_set_smb_signing(struct cli_credentials *cred,
|
|||||||
enum smb_signing_setting
|
enum smb_signing_setting
|
||||||
cli_credentials_get_smb_signing(struct cli_credentials *cred);
|
cli_credentials_get_smb_signing(struct cli_credentials *cred);
|
||||||
|
|
||||||
|
bool cli_credentials_set_smb_ipc_signing(struct cli_credentials *cred,
|
||||||
|
enum smb_signing_setting ipc_signing_state,
|
||||||
|
enum credentials_obtained obtained);
|
||||||
|
enum smb_signing_setting
|
||||||
|
cli_credentials_get_smb_ipc_signing(struct cli_credentials *cred);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Return attached NETLOGON credentials
|
* Return attached NETLOGON credentials
|
||||||
*/
|
*/
|
||||||
|
@ -38,6 +38,7 @@ struct cli_credentials {
|
|||||||
enum credentials_obtained keytab_obtained;
|
enum credentials_obtained keytab_obtained;
|
||||||
enum credentials_obtained server_gss_creds_obtained;
|
enum credentials_obtained server_gss_creds_obtained;
|
||||||
enum credentials_obtained signing_state_obtained;
|
enum credentials_obtained signing_state_obtained;
|
||||||
|
enum credentials_obtained ipc_signing_state_obtained;
|
||||||
|
|
||||||
/* Threshold values (essentially a MAX() over a number of the
|
/* Threshold values (essentially a MAX() over a number of the
|
||||||
* above) for the ccache and GSS credentials, to ensure we
|
* above) for the ccache and GSS credentials, to ensure we
|
||||||
@ -121,6 +122,8 @@ struct cli_credentials {
|
|||||||
bool password_will_be_nt_hash;
|
bool password_will_be_nt_hash;
|
||||||
|
|
||||||
enum smb_signing_setting signing_state;
|
enum smb_signing_setting signing_state;
|
||||||
|
|
||||||
|
enum smb_signing_setting ipc_signing_state;
|
||||||
};
|
};
|
||||||
|
|
||||||
#endif /* __CREDENTIALS_INTERNAL_H__ */
|
#endif /* __CREDENTIALS_INTERNAL_H__ */
|
||||||
|
Loading…
Reference in New Issue
Block a user