summaryrefslogtreecommitdiff
path: root/source3/libsmb
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2008-01-05 00:23:35 -0800
committerJeremy Allison <jra@samba.org>2008-01-05 00:23:35 -0800
commit9baa97a46ebb92a5968ceba0fb5c2de51e6fa8f0 (patch)
tree5a6af8ca801ef15316daf9abdd7b6dc965f4a099 /source3/libsmb
parent4881ed00ca1d0ab156863c6821db670c70f5d0ea (diff)
downloadsamba-9baa97a46ebb92a5968ceba0fb5c2de51e6fa8f0.tar.gz
samba-9baa97a46ebb92a5968ceba0fb5c2de51e6fa8f0.tar.bz2
samba-9baa97a46ebb92a5968ceba0fb5c2de51e6fa8f0.zip
Add general '-e' option to enable smb encryption
on tools. Jeremy. (This used to be commit 757653966fc1384159bd2d57c5670cd8af0cae96)
Diffstat (limited to 'source3/libsmb')
-rw-r--r--source3/libsmb/clidfs.c58
-rw-r--r--source3/libsmb/clifsinfo.c33
2 files changed, 56 insertions, 35 deletions
diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
index 7800d10e8b..77419b4a1a 100644
--- a/source3/libsmb/clidfs.c
+++ b/source3/libsmb/clidfs.c
@@ -72,54 +72,36 @@ static bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
Ensure a connection is encrypted.
********************************************************************/
-static bool force_cli_encryption(struct cli_state *c,
+NTSTATUS cli_cm_force_encryption(struct cli_state *c,
const char *username,
const char *password,
const char *domain,
const char *sharename)
{
- uint16 major, minor;
- uint32 caplow, caphigh;
- NTSTATUS status;
+ NTSTATUS status = cli_force_encryption(c,
+ username,
+ password,
+ domain);
- if (!SERVER_HAS_UNIX_CIFS(c)) {
+ if (NT_STATUS_EQUAL(status,NT_STATUS_NOT_SUPPORTED)) {
d_printf("Encryption required and "
"server that doesn't support "
"UNIX extensions - failing connect\n");
- return false;
- }
-
- if (!cli_unix_extensions_version(c, &major, &minor, &caplow, &caphigh)) {
+ } else if (NT_STATUS_EQUAL(status,NT_STATUS_UNKNOWN_REVISION)) {
d_printf("Encryption required and "
"can't get UNIX CIFS extensions "
"version from server.\n");
- return false;
- }
-
- if (!(caplow & CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP)) {
+ } else if (NT_STATUS_EQUAL(status,NT_STATUS_UNSUPPORTED_COMPRESSION)) {
d_printf("Encryption required and "
"share %s doesn't support "
"encryption.\n", sharename);
- return false;
- }
-
- if (c->use_kerberos) {
- status = cli_gss_smb_encryption_start(c);
- } else {
- status = cli_raw_ntlm_smb_encryption_start(c,
- username,
- password,
- domain);
- }
-
- if (!NT_STATUS_IS_OK(status)) {
+ } else if (!NT_STATUS_IS_OK(status)) {
d_printf("Encryption required and "
"setup failed with error %s.\n",
nt_errstr(status));
- return false;
}
- return true;
+ return status;
}
/********************************************************************
@@ -281,13 +263,16 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx,
return NULL;
}
- if (force_encrypt && !force_cli_encryption(c,
+ if (force_encrypt) {
+ status = cli_cm_force_encryption(c,
username,
password,
lp_workgroup(),
- sharename)) {
- cli_shutdown(c);
- return NULL;
+ sharename);
+ if (!NT_STATUS_IS_OK(status)) {
+ cli_shutdown(c);
+ return NULL;
+ }
}
DEBUG(4,(" tconx ok\n"));
@@ -1035,12 +1020,15 @@ static bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
return false;
}
- if (force_encrypt && !force_cli_encryption(cli,
+ if (force_encrypt) {
+ NTSTATUS status = cli_cm_force_encryption(cli,
username,
password,
lp_workgroup(),
- "IPC$")) {
- return false;
+ "IPC$");
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
}
res = cli_dfs_get_referral(ctx, cli, fullpath, &refs, &num_refs, &consumed);
diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c
index 107613c618..fb923378ab 100644
--- a/source3/libsmb/clifsinfo.c
+++ b/source3/libsmb/clifsinfo.c
@@ -634,3 +634,36 @@ NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli)
return NT_STATUS_NOT_SUPPORTED;
}
#endif
+
+/********************************************************************
+ Ensure a connection is encrypted.
+********************************************************************/
+
+NTSTATUS cli_force_encryption(struct cli_state *c,
+ const char *username,
+ const char *password,
+ const char *domain)
+{
+ uint16 major, minor;
+ uint32 caplow, caphigh;
+
+ if (!SERVER_HAS_UNIX_CIFS(c)) {
+ return NT_STATUS_NOT_SUPPORTED;
+ }
+
+ if (!cli_unix_extensions_version(c, &major, &minor, &caplow, &caphigh)) {
+ return NT_STATUS_UNKNOWN_REVISION;
+ }
+
+ if (!(caplow & CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP)) {
+ return NT_STATUS_UNSUPPORTED_COMPRESSION;
+ }
+
+ if (c->use_kerberos) {
+ return cli_gss_smb_encryption_start(c);
+ }
+ return cli_raw_ntlm_smb_encryption_start(c,
+ username,
+ password,
+ domain);
+}