mirror of https://github.com/samba-team/samba.git synced 2025-02-02 09:47:23 +03:00

s3:smb2_server: convert encryption desired and required bools to flags

This adds a bitmap smbXsrv_encrpytion_flags with flags to the
smbXsrv_session_global.tdb and smbXsrv_tcon_global.tdb that we use
instead of bools for desired and required.

We need this info in the smbXsrv tdbs for smbstatus. Subsequent commits
for smbstatus will use it.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme 2015-11-09 17:23:29 +01:00
parent 63a13f40cf
commit bfdffea0fa
4 changed files with 27 additions and 20 deletions


@ -116,6 +116,11 @@ interface smbXsrv
/* sessions */
typedef [public,bitmap8bit] bitmap {
SMBXSRV_ENCRYPTION_REQUIRED = 0x01,
SMBXSRV_ENCRYPTION_DESIRED = 0x02
} smbXsrv_encrpytion_flags;
typedef struct {
server_id server_id;
[charset(UTF8),string] char local_address[];
@ -141,7 +146,7 @@ interface smbXsrv
auth_session_info *auth_session_info;
uint16 connection_dialect;
boolean8 signing_required;
boolean8 encryption_required;
smbXsrv_encrpytion_flags encryption_flags;
[noprint] DATA_BLOB signing_key;
[noprint] DATA_BLOB encryption_key;
[noprint] DATA_BLOB decryption_key;
@ -206,7 +211,6 @@ interface smbXsrv
[ignore] user_struct *compat;
[ignore] smbXsrv_tcon_table *tcon_table;
smbXsrv_session_auth0 *pending_auth;
boolean8 encryption_desired;
} smbXsrv_session;
typedef union {
@ -259,7 +263,7 @@ interface smbXsrv
server_id server_id;
NTTIME creation_time;
[charset(UTF8),string] char share_name[];
boolean8 encryption_required;
smbXsrv_encrpytion_flags encryption_flags;
/*
* for SMB1 this is the session that the tcon was opened on
*/
@ -301,7 +305,6 @@ interface smbXsrv
NTSTATUS status;
NTTIME idle_time;
[ignore] connection_struct *compat;
boolean8 encryption_desired;
} smbXsrv_tcon;
typedef union {
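Review bot: The new bitmap's type name is misspelled as `smbXsrv_encrpytion_flags` (transposed "py"), in the typedef and in both `encryption_flags` member declarations. Because the typedef is `[public]`, the misspelling presumably carries into the generated C names and into any tool written against the tdb records, so it is cheapest to correct now: `} smbXsrv_encryption_flags;`. The bitmap also deserves a short comment stating the intended invariant, for example `/* REQUIRED is always set together with DESIRED */`, since the session-setup code sets both together and readers of the records need to know how to interpret a lone bit. The global session and tcon records change meaning in place (a `boolean8` becomes a bitmap at the same position), so it is worth confirming how records written by an older smbd are handled; that code is not visible here.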


@ -2067,8 +2067,8 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
x = req->session;
if (x != NULL) {
signing_required = x->global->signing_required;
encryption_desired = x->encryption_desired;
encryption_required = x->global->encryption_required;
encryption_desired = x->global->encryption_flags & SMBXSRV_ENCRYPTION_DESIRED;
encryption_required = x->global->encryption_flags & SMBXSRV_ENCRYPTION_REQUIRED;
}
req->do_signing = false;
@ -2224,10 +2224,10 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
if (!NT_STATUS_IS_OK(status)) {
return smbd_smb2_request_error(req, status);
}
if (req->tcon->encryption_desired) {
if (req->tcon->global->encryption_flags & SMBXSRV_ENCRYPTION_DESIRED) {
encryption_desired = true;
}
if (req->tcon->global->encryption_required) {
if (req->tcon->global->encryption_flags & SMBXSRV_ENCRYPTION_REQUIRED) {
encryption_required = true;
}
if (encryption_required && !req->was_encrypted) {
@ -2882,8 +2882,8 @@ static NTSTATUS smbd_smb2_send_break(struct smbXsrv_connection *xconn,
if (session != NULL) {
session_wire_id = session->global->session_wire_id;
do_encryption = session->encryption_desired;
if (tcon->encryption_desired) {
do_encryption = session->global->encryption_flags & SMBXSRV_ENCRYPTION_DESIRED;
if (tcon->global->encryption_flags & SMBXSRV_ENCRYPTION_DESIRED) {
do_encryption = true;
}
}
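Review bot: The masked flag values are assigned directly to boolean variables, e.g. `encryption_desired = x->global->encryption_flags & SMBXSRV_ENCRYPTION_DESIRED;` in smbd_smb2_request_dispatch and `do_encryption = ...` in smbd_smb2_send_break. The same pattern appears in the `bool` initialisers of smbd_smb2_tree_connect. This is only correct while the target really is a C99 `bool`; the declarations in the first two functions are outside the hunks, and with a bit-field or an integer typedef the value 0x02 could be truncated or compared against `true` incorrectly, which would silently switch encryption off. Making the test explicit keeps the enforcement decision independent of the declared type: `encryption_required = (x->global->encryption_flags & SMBXSRV_ENCRYPTION_REQUIRED) != 0;`, and likewise for the DESIRED tests.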


@ -268,12 +268,12 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
if ((lp_smb_encrypt(-1) >= SMB_SIGNING_DESIRED) &&
(xconn->smb2.client.capabilities & SMB2_CAP_ENCRYPTION)) {
x->encryption_desired = true;
x->global->encryption_flags = SMBXSRV_ENCRYPTION_DESIRED;
}
if (lp_smb_encrypt(-1) == SMB_SIGNING_REQUIRED) {
x->encryption_desired = true;
x->global->encryption_required = true;
x->global->encryption_flags = SMBXSRV_ENCRYPTION_REQUIRED |
SMBXSRV_ENCRYPTION_DESIRED;
}
if (security_session_user_level(session_info, NULL) < SECURITY_USER) {
@ -285,13 +285,13 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
guest = true;
}
if (guest && x->global->encryption_required) {
if (guest && (x->global->encryption_flags & SMBXSRV_ENCRYPTION_REQUIRED)) {
DEBUG(1,("reject guest session as encryption is required\n"));
return NT_STATUS_ACCESS_DENIED;
}
if (xconn->smb2.server.cipher == 0) {
if (x->global->encryption_required) {
if (x->global->encryption_flags & SMBXSRV_ENCRYPTION_REQUIRED) {
DEBUG(1,("reject session with dialect[0x%04X] "
"as encryption is required\n",
xconn->smb2.server.dialect));
@ -299,7 +299,7 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
}
}
if (x->encryption_desired) {
if (x->global->encryption_flags & SMBXSRV_ENCRYPTION_DESIRED) {
*out_session_flags |= SMB2_SESSION_FLAG_ENCRYPT_DATA;
}
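Review bot: Both new writes in smbd_smb2_auth_generic_return use plain assignment (`x->global->encryption_flags = SMBXSRV_ENCRYPTION_DESIRED;`), which overwrites whatever was already in the bitmap. The replaced code only ever set the two bools to true and never cleared them. If this function can run with REQUIRED already set on `x->global` (the callers are outside the hunk), the first branch would now drop that bit unless the second branch restores it. Using `|=` keeps the old set-only behaviour and matches the tree-connect code: `x->global->encryption_flags |= SMBXSRV_ENCRYPTION_DESIRED;` and `x->global->encryption_flags |= SMBXSRV_ENCRYPTION_REQUIRED | SMBXSRV_ENCRYPTION_DESIRED;`. If the overwrite is intentional, a one-line comment saying so would prevent a later "fix" in either direction.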


@ -193,8 +193,8 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req,
connection_struct *compat_conn = NULL;
struct user_struct *compat_vuser = req->session->compat;
NTSTATUS status;
bool encryption_desired = req->session->encryption_desired;
bool encryption_required = req->session->global->encryption_required;
bool encryption_desired = req->session->global->encryption_flags & SMBXSRV_ENCRYPTION_DESIRED;
bool encryption_required = req->session->global->encryption_flags & SMBXSRV_ENCRYPTION_REQUIRED;
bool guest_session = false;
bool require_signed_tcon = false;
@ -298,8 +298,12 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req,
return status;
}
tcon->encryption_desired = encryption_desired;
tcon->global->encryption_required = encryption_required;
if (encryption_desired) {
tcon->global->encryption_flags |= SMBXSRV_ENCRYPTION_DESIRED;
}
if (encryption_required) {
tcon->global->encryption_flags |= SMBXSRV_ENCRYPTION_REQUIRED;
}
compat_conn = make_connection_smb2(req,
tcon, snum,
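Review bot: The tcon flags are now only ever OR-ed in (`tcon->global->encryption_flags |= ...`), whereas the removed lines stored both values unconditionally, including false. The new form is therefore correct only if `tcon->global` is zero-initialised when the tcon is created, which happens outside this hunk. Either state that assumption in a comment above the two `if` blocks, or compute the value locally and assign it once so the result does not depend on prior contents, e.g. `tcon->global->encryption_flags = flags;` after building `flags` from the two bools. Since the commit message says smbstatus will read these flags from the tdb, it is also worth confirming that the tcon record is stored after this point; the rest of smbd_smb2_tree_connect is not visible here.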