r21865: Add in the stubs for SMB transport encryption. Will flesh

these out as I implement. Don't add to SAMBA_3_0_25, this
is experimental code.
NFSv4 you're now officially on notice... :-).
Jeremy.
(This used to be commit 5bfe638f2172e272741997100ee5ae8ff280494d)

1 files changed, 22 insertions, 1 deletions

diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c
index 2866a443d4..663502bef0 100644
--- a/source3/lib/util_sock.c
+++ b/source3/lib/util_sock.c
@@ -732,15 +732,28 @@ BOOL receive_smb_raw(int fd, char *buffer, unsigned int timeout)
 
 BOOL receive_smb(int fd, char *buffer, unsigned int timeout)
 {
+	NTSTATUS status;
+
 	if (!receive_smb_raw(fd, buffer, timeout)) {
 		return False;
 	}
 
+	status = srv_decrypt_buffer(buffer);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("receive_smb: SMB decryption failed on incoming packet! Error %s\n",
+			nt_errstr(status) ));
+		if (smb_read_error == 0) {
+			smb_read_error = READ_BAD_DECRYPT;
+		}
+		return False;
+	}
+
 	/* Check the incoming SMB signature. */
 	if (!srv_check_sign_mac(buffer, True)) {
 		DEBUG(0, ("receive_smb: SMB Signature verification failed on incoming packet!\n"));
-		if (smb_read_error == 0)
+		if (smb_read_error == 0) {
 			smb_read_error = READ_BAD_SIG;
+		}
 		return False;
 	};
 
@@ -753,6 +766,7 @@ BOOL receive_smb(int fd, char *buffer, unsigned int timeout)
 
 BOOL send_smb(int fd, char *buffer)
 {
+	NTSTATUS status;
 	size_t len;
 	size_t nwritten=0;
 	ssize_t ret;
@@ -760,6 +774,13 @@ BOOL send_smb(int fd, char *buffer)
 	/* Sign the outgoing packet if required. */
 	srv_calculate_sign_mac(buffer);
 
+	status = srv_encrypt_buffer(buffer);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("send_smb: SMB encryption failed on outgoing packet! Error %s\n",
+			nt_errstr(status) ));
+		return False;
+	}
+
 	len = smb_len(buffer) + 4;
 
 	while (nwritten < len) {