mirror of
https://github.com/samba-team/samba.git
synced 2025-01-22 22:04:08 +03:00
s3:smbstatus: pretty print the use of new signing/encryption algorithms
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
This commit is contained in:
Stefan Metzmacher
parent
f435de5917
commit
b576123dd9
@ -41,6 +41,7 @@ struct sessionid {
|
||||
uint16_t connection_dialect;
|
||||
uint8_t encryption_flags;
|
||||
uint16_t cipher;
|
||||
uint16_t signing;
|
||||
uint8_t signing_flags;
|
||||
};
|
||||
|
||||
|
||||
@ -72,6 +72,7 @@ static int sessionid_traverse_read_fn(struct smbXsrv_session_global0 *global,
|
||||
session.encryption_flags = global->encryption_flags;
|
||||
session.cipher = global->channels[0].encryption_cipher;
|
||||
session.signing_flags = global->signing_flags;
|
||||
session.signing = global->channels[0].signing_algo;
|
||||
|
||||
return state->fn(NULL, &session, state->private_data);
|
||||
}
|
||||
|
||||
@ -44,6 +44,7 @@ struct connections_forall_session {
|
||||
fstring addr;
|
||||
uint16_t cipher;
|
||||
uint16_t dialect;
|
||||
uint16_t signing;
|
||||
uint8_t signing_flags;
|
||||
};
|
||||
|
||||
@ -67,6 +68,7 @@ static int collect_sessions_fn(struct smbXsrv_session_global0 *global,
|
||||
fstrcpy(sess.machine, global->channels[0].remote_name);
|
||||
fstrcpy(sess.addr, global->channels[0].remote_address);
|
||||
sess.cipher = global->channels[0].encryption_cipher;
|
||||
sess.signing = global->channels[0].signing_algo;
|
||||
sess.dialect = global->connection_dialect;
|
||||
sess.signing_flags = global->signing_flags;
|
||||
|
||||
@ -133,6 +135,7 @@ static int traverse_tcon_fn(struct smbXsrv_tcon_global0 *global,
|
||||
data.encryption_flags = global->encryption_flags;
|
||||
data.cipher = sess.cipher;
|
||||
data.dialect = sess.dialect;
|
||||
data.signing = sess.signing;
|
||||
data.signing_flags = global->signing_flags;
|
||||
|
||||
state->count++;
|
||||
|
||||
@ -37,6 +37,7 @@ struct connections_data {
|
||||
uint16_t cipher;
|
||||
uint16_t dialect;
|
||||
uint8_t signing_flags;
|
||||
uint16_t signing;
|
||||
};
|
||||
|
||||
/* The following definitions come from lib/conn_tdb.c */
|
||||
|
||||
@ -358,12 +358,23 @@ static int traverse_connections(const struct connections_key *key,
|
||||
}
|
||||
|
||||
if (smbXsrv_is_signed(crec->signing_flags)) {
|
||||
if (crec->dialect >= SMB3_DIALECT_REVISION_302) {
|
||||
signing = "AES-128-CMAC";
|
||||
} else if (crec->dialect >= SMB2_DIALECT_REVISION_202) {
|
||||
signing = "HMAC-SHA256";
|
||||
} else {
|
||||
switch (crec->signing) {
|
||||
case SMB2_SIGNING_MD5_SMB1:
|
||||
signing = "HMAC-MD5";
|
||||
break;
|
||||
case SMB2_SIGNING_HMAC_SHA256:
|
||||
signing = "HMAC-SHA256";
|
||||
break;
|
||||
case SMB2_SIGNING_AES128_CMAC:
|
||||
signing = "AES-128-CMAC";
|
||||
break;
|
||||
case SMB2_SIGNING_AES128_GMAC:
|
||||
signing = "AES-128-GMAC";
|
||||
break;
|
||||
default:
|
||||
signing = "???";
|
||||
result = -1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
@ -450,6 +461,12 @@ static int traverse_sessionid(const char *key, struct sessionid *session,
|
||||
case SMB2_ENCRYPTION_AES128_GCM:
|
||||
encryption = "AES-128-GCM";
|
||||
break;
|
||||
case SMB2_ENCRYPTION_AES256_CCM:
|
||||
encryption = "AES-256-CCM";
|
||||
break;
|
||||
case SMB2_ENCRYPTION_AES256_GCM:
|
||||
encryption = "AES-256-GCM";
|
||||
break;
|
||||
default:
|
||||
encryption = "???";
|
||||
result = -1;
|
||||
@ -466,6 +483,12 @@ static int traverse_sessionid(const char *key, struct sessionid *session,
|
||||
case SMB2_ENCRYPTION_AES128_GCM:
|
||||
encryption = "partial(AES-128-GCM)";
|
||||
break;
|
||||
case SMB2_ENCRYPTION_AES256_CCM:
|
||||
encryption = "partial(AES-256-CCM)";
|
||||
break;
|
||||
case SMB2_ENCRYPTION_AES256_GCM:
|
||||
encryption = "partial(AES-256-GCM)";
|
||||
break;
|
||||
default:
|
||||
encryption = "???";
|
||||
result = -1;
|
||||
@ -474,20 +497,42 @@ static int traverse_sessionid(const char *key, struct sessionid *session,
|
||||
}
|
||||
|
||||
if (smbXsrv_is_signed(session->signing_flags)) {
|
||||
if (session->connection_dialect >= SMB3_DIALECT_REVISION_302) {
|
||||
signing = "AES-128-CMAC";
|
||||
} else if (session->connection_dialect >= SMB2_DIALECT_REVISION_202) {
|
||||
signing = "HMAC-SHA256";
|
||||
} else {
|
||||
switch (session->signing) {
|
||||
case SMB2_SIGNING_MD5_SMB1:
|
||||
signing = "HMAC-MD5";
|
||||
break;
|
||||
case SMB2_SIGNING_HMAC_SHA256:
|
||||
signing = "HMAC-SHA256";
|
||||
break;
|
||||
case SMB2_SIGNING_AES128_CMAC:
|
||||
signing = "AES-128-CMAC";
|
||||
break;
|
||||
case SMB2_SIGNING_AES128_GMAC:
|
||||
signing = "AES-128-GMAC";
|
||||
break;
|
||||
default:
|
||||
signing = "???";
|
||||
result = -1;
|
||||
break;
|
||||
}
|
||||
} else if (smbXsrv_is_partially_signed(session->signing_flags)) {
|
||||
if (session->connection_dialect >= SMB3_DIALECT_REVISION_302) {
|
||||
signing = "partial(AES-128-CMAC)";
|
||||
} else if (session->connection_dialect >= SMB2_DIALECT_REVISION_202) {
|
||||
signing = "partial(HMAC-SHA256)";
|
||||
} else {
|
||||
switch (session->signing) {
|
||||
case SMB2_SIGNING_MD5_SMB1:
|
||||
signing = "partial(HMAC-MD5)";
|
||||
break;
|
||||
case SMB2_SIGNING_HMAC_SHA256:
|
||||
signing = "partial(HMAC-SHA256)";
|
||||
break;
|
||||
case SMB2_SIGNING_AES128_CMAC:
|
||||
signing = "partial(AES-128-CMAC)";
|
||||
break;
|
||||
case SMB2_SIGNING_AES128_GMAC:
|
||||
signing = "partial(AES-128-GMAC)";
|
||||
break;
|
||||
default:
|
||||
signing = "???";
|
||||
result = -1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user