sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-08-05 12:22:11 +03:00
Code Activity

As SMB3 has transport level encryption, allow smbclient -e to force encryted SMB3 transport.

Browse Source 
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
This commit is contained in:
Jeremy Allison
2013-08-16 10:44:34 -07:00
committed by Michael Adam
parent 25521c9085
commit 81e1058e20
3 changed files with 39 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
libcli/smb/smbXcli_base.c
View File

@ -4949,6 +4949,27 @@ NTSTATUS smb2cli_session_set_channel_key(struct smbXcli_session *session,
return NT_STATUS_OK;
}
NTSTATUS smb2cli_session_encryption_on(struct smbXcli_session *session)
{
if (session->smb2->should_encrypt) {
return NT_STATUS_OK;
}
if (session->conn->protocol < PROTOCOL_SMB2_24) {
return NT_STATUS_NOT_SUPPORTED;
}
if (!(session->conn->smb2.server.capabilities & SMB2_CAP_ENCRYPTION)) {
return NT_STATUS_NOT_SUPPORTED;
}
if (session->smb2->signing_key.data == NULL) {
return NT_STATUS_NOT_SUPPORTED;
}
session->smb2->should_encrypt = true;
return NT_STATUS_OK;
}
struct smbXcli_tcon *smbXcli_tcon_create(TALLOC_CTX *mem_ctx)
{
struct smbXcli_tcon *tcon;

1
libcli/smb/smbXcli_base.h
View File

@ -294,6 +294,7 @@ NTSTATUS smb2cli_session_create_channel(TALLOC_CTX *mem_ctx,
NTSTATUS smb2cli_session_set_channel_key(struct smbXcli_session *session,
const DATA_BLOB channel_key,
const struct iovec *recv_iov);
NTSTATUS smb2cli_session_encryption_on(struct smbXcli_session *session);
struct smbXcli_tcon *smbXcli_tcon_create(TALLOC_CTX *mem_ctx);
uint16_t smb1cli_tcon_current_id(struct smbXcli_tcon *tcon);

18
source3/libsmb/clidfs.c
View File

@ -48,7 +48,23 @@ NTSTATUS cli_cm_force_encryption(struct cli_state *c,
const char *domain,
const char *sharename)
{
NTSTATUS status = cli_force_encryption(c,
NTSTATUS status;
if (smbXcli_conn_protocol(c->conn) >= PROTOCOL_SMB2_02) {
status = smb2cli_session_encryption_on(c->smb2.session);
if (NT_STATUS_EQUAL(status,NT_STATUS_NOT_SUPPORTED)) {
d_printf("Encryption required and "
"server doesn't support "
"SMB3 encryption - failing connect\n");
} else if (!NT_STATUS_IS_OK(status)) {
d_printf("Encryption required and "
"setup failed with error %s.\n",
nt_errstr(status));
}
return status;
}
status = cli_force_encryption(c,
username,
password,
domain);