diff options
author | Jeremy Allison <jra@samba.org> | 2008-01-05 00:23:35 -0800 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2008-01-05 00:23:35 -0800 |
commit | 9baa97a46ebb92a5968ceba0fb5c2de51e6fa8f0 (patch) | |
tree | 5a6af8ca801ef15316daf9abdd7b6dc965f4a099 /source3/libsmb | |
parent | 4881ed00ca1d0ab156863c6821db670c70f5d0ea (diff) | |
download | samba-9baa97a46ebb92a5968ceba0fb5c2de51e6fa8f0.tar.gz samba-9baa97a46ebb92a5968ceba0fb5c2de51e6fa8f0.tar.bz2 samba-9baa97a46ebb92a5968ceba0fb5c2de51e6fa8f0.zip |
Add general '-e' option to enable smb encryption
on tools.
Jeremy.
(This used to be commit 757653966fc1384159bd2d57c5670cd8af0cae96)
Diffstat (limited to 'source3/libsmb')
-rw-r--r-- | source3/libsmb/clidfs.c | 58 | ||||
-rw-r--r-- | source3/libsmb/clifsinfo.c | 33 |
2 files changed, 56 insertions, 35 deletions
diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c index 7800d10e8b..77419b4a1a 100644 --- a/source3/libsmb/clidfs.c +++ b/source3/libsmb/clidfs.c @@ -72,54 +72,36 @@ static bool cli_check_msdfs_proxy(TALLOC_CTX *ctx, Ensure a connection is encrypted. ********************************************************************/ -static bool force_cli_encryption(struct cli_state *c, +NTSTATUS cli_cm_force_encryption(struct cli_state *c, const char *username, const char *password, const char *domain, const char *sharename) { - uint16 major, minor; - uint32 caplow, caphigh; - NTSTATUS status; + NTSTATUS status = cli_force_encryption(c, + username, + password, + domain); - if (!SERVER_HAS_UNIX_CIFS(c)) { + if (NT_STATUS_EQUAL(status,NT_STATUS_NOT_SUPPORTED)) { d_printf("Encryption required and " "server that doesn't support " "UNIX extensions - failing connect\n"); - return false; - } - - if (!cli_unix_extensions_version(c, &major, &minor, &caplow, &caphigh)) { + } else if (NT_STATUS_EQUAL(status,NT_STATUS_UNKNOWN_REVISION)) { d_printf("Encryption required and " "can't get UNIX CIFS extensions " "version from server.\n"); - return false; - } - - if (!(caplow & CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP)) { + } else if (NT_STATUS_EQUAL(status,NT_STATUS_UNSUPPORTED_COMPRESSION)) { d_printf("Encryption required and " "share %s doesn't support " "encryption.\n", sharename); - return false; - } - - if (c->use_kerberos) { - status = cli_gss_smb_encryption_start(c); - } else { - status = cli_raw_ntlm_smb_encryption_start(c, - username, - password, - domain); - } - - if (!NT_STATUS_IS_OK(status)) { + } else if (!NT_STATUS_IS_OK(status)) { d_printf("Encryption required and " "setup failed with error %s.\n", nt_errstr(status)); - return false; } - return true; + return status; } /******************************************************************** @@ -281,13 +263,16 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx, return NULL; } - if (force_encrypt && !force_cli_encryption(c, + if (force_encrypt) { + status = cli_cm_force_encryption(c, username, password, lp_workgroup(), - sharename)) { - cli_shutdown(c); - return NULL; + sharename); + if (!NT_STATUS_IS_OK(status)) { + cli_shutdown(c); + return NULL; + } } DEBUG(4,(" tconx ok\n")); @@ -1035,12 +1020,15 @@ static bool cli_check_msdfs_proxy(TALLOC_CTX *ctx, return false; } - if (force_encrypt && !force_cli_encryption(cli, + if (force_encrypt) { + NTSTATUS status = cli_cm_force_encryption(cli, username, password, lp_workgroup(), - "IPC$")) { - return false; + "IPC$"); + if (!NT_STATUS_IS_OK(status)) { + return false; + } } res = cli_dfs_get_referral(ctx, cli, fullpath, &refs, &num_refs, &consumed); diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index 107613c618..fb923378ab 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c @@ -634,3 +634,36 @@ NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli) return NT_STATUS_NOT_SUPPORTED; } #endif + +/******************************************************************** + Ensure a connection is encrypted. +********************************************************************/ + +NTSTATUS cli_force_encryption(struct cli_state *c, + const char *username, + const char *password, + const char *domain) +{ + uint16 major, minor; + uint32 caplow, caphigh; + + if (!SERVER_HAS_UNIX_CIFS(c)) { + return NT_STATUS_NOT_SUPPORTED; + } + + if (!cli_unix_extensions_version(c, &major, &minor, &caplow, &caphigh)) { + return NT_STATUS_UNKNOWN_REVISION; + } + + if (!(caplow & CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP)) { + return NT_STATUS_UNSUPPORTED_COMPRESSION; + } + + if (c->use_kerberos) { + return cli_gss_smb_encryption_start(c); + } + return cli_raw_ntlm_smb_encryption_start(c, + username, + password, + domain); +} |