summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2013-08-16 10:44:34 -0700
committerMichael Adam <obnox@samba.org>2013-08-21 17:28:55 +0200
commit81e1058e20bcfc1efab2b39dd7642d8dbbe0cb3b (patch)
tree92cf22aef86c259427ee41eaa4e8c216277226c5
parent25521c90859de0651216c459273b2ffd916ee299 (diff)
downloadsamba-81e1058e20bcfc1efab2b39dd7642d8dbbe0cb3b.tar.gz
samba-81e1058e20bcfc1efab2b39dd7642d8dbbe0cb3b.tar.bz2
samba-81e1058e20bcfc1efab2b39dd7642d8dbbe0cb3b.zip
As SMB3 has transport level encryption, allow smbclient -e to force encryted SMB3 transport.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
-rw-r--r--libcli/smb/smbXcli_base.c21
-rw-r--r--libcli/smb/smbXcli_base.h1
-rw-r--r--source3/libsmb/clidfs.c18
3 files changed, 39 insertions, 1 deletions
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 1176bb8e87..8cbf27a9fc 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -4949,6 +4949,27 @@ NTSTATUS smb2cli_session_set_channel_key(struct smbXcli_session *session,
return NT_STATUS_OK;
}
+NTSTATUS smb2cli_session_encryption_on(struct smbXcli_session *session)
+{
+ if (session->smb2->should_encrypt) {
+ return NT_STATUS_OK;
+ }
+
+ if (session->conn->protocol < PROTOCOL_SMB2_24) {
+ return NT_STATUS_NOT_SUPPORTED;
+ }
+
+ if (!(session->conn->smb2.server.capabilities & SMB2_CAP_ENCRYPTION)) {
+ return NT_STATUS_NOT_SUPPORTED;
+ }
+
+ if (session->smb2->signing_key.data == NULL) {
+ return NT_STATUS_NOT_SUPPORTED;
+ }
+ session->smb2->should_encrypt = true;
+ return NT_STATUS_OK;
+}
+
struct smbXcli_tcon *smbXcli_tcon_create(TALLOC_CTX *mem_ctx)
{
struct smbXcli_tcon *tcon;
diff --git a/libcli/smb/smbXcli_base.h b/libcli/smb/smbXcli_base.h
index a7cfcc3260..3d93427219 100644
--- a/libcli/smb/smbXcli_base.h
+++ b/libcli/smb/smbXcli_base.h
@@ -294,6 +294,7 @@ NTSTATUS smb2cli_session_create_channel(TALLOC_CTX *mem_ctx,
NTSTATUS smb2cli_session_set_channel_key(struct smbXcli_session *session,
const DATA_BLOB channel_key,
const struct iovec *recv_iov);
+NTSTATUS smb2cli_session_encryption_on(struct smbXcli_session *session);
struct smbXcli_tcon *smbXcli_tcon_create(TALLOC_CTX *mem_ctx);
uint16_t smb1cli_tcon_current_id(struct smbXcli_tcon *tcon);
diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
index 1d92843f48..57126e6233 100644
--- a/source3/libsmb/clidfs.c
+++ b/source3/libsmb/clidfs.c
@@ -48,7 +48,23 @@ NTSTATUS cli_cm_force_encryption(struct cli_state *c,
const char *domain,
const char *sharename)
{
- NTSTATUS status = cli_force_encryption(c,
+ NTSTATUS status;
+
+ if (smbXcli_conn_protocol(c->conn) >= PROTOCOL_SMB2_02) {
+ status = smb2cli_session_encryption_on(c->smb2.session);
+ if (NT_STATUS_EQUAL(status,NT_STATUS_NOT_SUPPORTED)) {
+ d_printf("Encryption required and "
+ "server doesn't support "
+ "SMB3 encryption - failing connect\n");
+ } else if (!NT_STATUS_IS_OK(status)) {
+ d_printf("Encryption required and "
+ "setup failed with error %s.\n",
+ nt_errstr(status));
+ }
+ return status;
+ }
+
+ status = cli_force_encryption(c,
username,
password,
domain);