sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-08 21:18:16 +03:00
Code

lib:cmdline: Fix error handling of --client-protection=sign|encrypt|off

Browse Source 
Best reviewed with `git show -b`

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15104

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jun 22 11:49:23 UTC 2022 on sn-devel-184
This commit is contained in:
Andreas Schneider 2022-06-22 08:37:06 +02:00 committed by Andreas Schneider
parent 7cc340f972
commit f68374aac5
1 changed files with 59 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

111
lib/cmdline/cmdline.c
View File

@ -990,68 +990,75 @@ static void popt_common_credentials_callback(poptContext popt_ctx,
skip_password_callback = true; skip_password_callback = true;
break; break;
} }
case OPT_CLIENT_PROTECTION: case OPT_CLIENT_PROTECTION: {
if (arg != NULL) { uint32_t gensec_features;
uint32_t gensec_features; enum smb_signing_setting signing_state =
enum smb_signing_setting signing_state = SMB_SIGNING_OFF;
SMB_SIGNING_OFF; enum smb_encryption_setting encryption_state =
enum smb_encryption_setting encryption_state = SMB_ENCRYPTION_OFF;
SMB_ENCRYPTION_OFF;
gensec_features = if (arg == NULL) {
cli_credentials_get_gensec_features( fprintf(stderr,
creds); "Failed to parse "
"--client-protection=sign|encrypt|off: "
"Missing argument\n");
exit(1);
}
if (strequal(arg, "off")) { gensec_features =
gensec_features &= cli_credentials_get_gensec_features(
~(GENSEC_FEATURE_SIGN|GENSEC_FEATURE_SEAL); creds);
signing_state = SMB_SIGNING_OFF; if (strequal(arg, "off")) {
encryption_state = SMB_ENCRYPTION_OFF; gensec_features &=
} else if (strequal(arg, "sign")) { ~(GENSEC_FEATURE_SIGN|GENSEC_FEATURE_SEAL);
gensec_features |= GENSEC_FEATURE_SIGN;
signing_state = SMB_SIGNING_REQUIRED; signing_state = SMB_SIGNING_OFF;
encryption_state = SMB_ENCRYPTION_OFF; encryption_state = SMB_ENCRYPTION_OFF;
} else if (strequal(arg, "encrypt")) { } else if (strequal(arg, "sign")) {
gensec_features |= GENSEC_FEATURE_SEAL; gensec_features |= GENSEC_FEATURE_SIGN;
signing_state = SMB_SIGNING_REQUIRED; signing_state = SMB_SIGNING_REQUIRED;
encryption_state = SMB_ENCRYPTION_REQUIRED; encryption_state = SMB_ENCRYPTION_OFF;
} else { } else if (strequal(arg, "encrypt")) {
fprintf(stderr, gensec_features |= GENSEC_FEATURE_SEAL;
"Failed to parse --client-protection\n");
exit(1);
}
ok = cli_credentials_set_gensec_features(creds, signing_state = SMB_SIGNING_REQUIRED;
gensec_features, encryption_state = SMB_ENCRYPTION_REQUIRED;
CRED_SPECIFIED); } else {
if (!ok) { fprintf(stderr,
fprintf(stderr, "Failed to parse --client-protection\n");
"Failed to set gensec feature!\n"); exit(1);
exit(1); }
}
ok = cli_credentials_set_smb_signing(creds, ok = cli_credentials_set_gensec_features(creds,
signing_state, gensec_features,
CRED_SPECIFIED);
if (!ok) {
fprintf(stderr,
"Failed to set smb signing!\n");
exit(1);
}
ok = cli_credentials_set_smb_encryption(creds,
encryption_state,
CRED_SPECIFIED); CRED_SPECIFIED);
if (!ok) { if (!ok) {
fprintf(stderr, fprintf(stderr,
"Failed to set smb encryption!\n"); "Failed to set gensec feature!\n");
exit(1); exit(1);
} }
ok = cli_credentials_set_smb_signing(creds,
signing_state,
CRED_SPECIFIED);
if (!ok) {
fprintf(stderr,
"Failed to set smb signing!\n");
exit(1);
}
ok = cli_credentials_set_smb_encryption(creds,
encryption_state,
CRED_SPECIFIED);
if (!ok) {
fprintf(stderr,
"Failed to set smb encryption!\n");
exit(1);
} }
break; break;
}
} /* switch */ } /* switch */
} }