diff options
author | Jeremy Allison <jra@samba.org> | 2013-08-16 10:44:34 -0700 |
---|---|---|
committer | Michael Adam <obnox@samba.org> | 2013-08-21 17:28:55 +0200 |
commit | 81e1058e20bcfc1efab2b39dd7642d8dbbe0cb3b (patch) | |
tree | 92cf22aef86c259427ee41eaa4e8c216277226c5 | |
parent | 25521c90859de0651216c459273b2ffd916ee299 (diff) | |
download | samba-81e1058e20bcfc1efab2b39dd7642d8dbbe0cb3b.tar.gz samba-81e1058e20bcfc1efab2b39dd7642d8dbbe0cb3b.tar.bz2 samba-81e1058e20bcfc1efab2b39dd7642d8dbbe0cb3b.zip |
As SMB3 has transport level encryption, allow smbclient -e to force encryted SMB3 transport.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
-rw-r--r-- | libcli/smb/smbXcli_base.c | 21 | ||||
-rw-r--r-- | libcli/smb/smbXcli_base.h | 1 | ||||
-rw-r--r-- | source3/libsmb/clidfs.c | 18 |
3 files changed, 39 insertions, 1 deletions
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c index 1176bb8e87..8cbf27a9fc 100644 --- a/libcli/smb/smbXcli_base.c +++ b/libcli/smb/smbXcli_base.c @@ -4949,6 +4949,27 @@ NTSTATUS smb2cli_session_set_channel_key(struct smbXcli_session *session, return NT_STATUS_OK; } +NTSTATUS smb2cli_session_encryption_on(struct smbXcli_session *session) +{ + if (session->smb2->should_encrypt) { + return NT_STATUS_OK; + } + + if (session->conn->protocol < PROTOCOL_SMB2_24) { + return NT_STATUS_NOT_SUPPORTED; + } + + if (!(session->conn->smb2.server.capabilities & SMB2_CAP_ENCRYPTION)) { + return NT_STATUS_NOT_SUPPORTED; + } + + if (session->smb2->signing_key.data == NULL) { + return NT_STATUS_NOT_SUPPORTED; + } + session->smb2->should_encrypt = true; + return NT_STATUS_OK; +} + struct smbXcli_tcon *smbXcli_tcon_create(TALLOC_CTX *mem_ctx) { struct smbXcli_tcon *tcon; diff --git a/libcli/smb/smbXcli_base.h b/libcli/smb/smbXcli_base.h index a7cfcc3260..3d93427219 100644 --- a/libcli/smb/smbXcli_base.h +++ b/libcli/smb/smbXcli_base.h @@ -294,6 +294,7 @@ NTSTATUS smb2cli_session_create_channel(TALLOC_CTX *mem_ctx, NTSTATUS smb2cli_session_set_channel_key(struct smbXcli_session *session, const DATA_BLOB channel_key, const struct iovec *recv_iov); +NTSTATUS smb2cli_session_encryption_on(struct smbXcli_session *session); struct smbXcli_tcon *smbXcli_tcon_create(TALLOC_CTX *mem_ctx); uint16_t smb1cli_tcon_current_id(struct smbXcli_tcon *tcon); diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c index 1d92843f48..57126e6233 100644 --- a/source3/libsmb/clidfs.c +++ b/source3/libsmb/clidfs.c @@ -48,7 +48,23 @@ NTSTATUS cli_cm_force_encryption(struct cli_state *c, const char *domain, const char *sharename) { - NTSTATUS status = cli_force_encryption(c, + NTSTATUS status; + + if (smbXcli_conn_protocol(c->conn) >= PROTOCOL_SMB2_02) { + status = smb2cli_session_encryption_on(c->smb2.session); + if (NT_STATUS_EQUAL(status,NT_STATUS_NOT_SUPPORTED)) { + d_printf("Encryption required and " + "server doesn't support " + "SMB3 encryption - failing connect\n"); + } else if (!NT_STATUS_IS_OK(status)) { + d_printf("Encryption required and " + "setup failed with error %s.\n", + nt_errstr(status)); + } + return status; + } + + status = cli_force_encryption(c, username, password, domain); |