As the encryption is stream based there's no reason

oplock breaks can't be encrypted. If we have multiple
contexts I should probably attach them to the connection
struct, but for now use the global context number.
Jeremy.
(This used to be commit 5b4b335ed0d1dc738f1f099e5c638361f3aede07)

2 files changed, 16 insertions, 5 deletions

diff --git a/source3/smbd/oplock.c b/source3/smbd/oplock.c
index 2c3313606a..8a5b1f4ecd 100644
--- a/source3/smbd/oplock.c
+++ b/source3/smbd/oplock.c
@@ -252,11 +252,13 @@ static char *new_break_smb_message(TALLOC_CTX *mem_ctx,
 	}
 
 	memset(result,'\0',smb_size);
-	/* We use cli_set_message here as this is an
-	 * asynchronous message that doesn't belong in
-	 * the stream.
-	 */
-	cli_set_message(result,8,0,True);
+	if (!srv_encryption_on()) {
+		cli_set_message(result,8,0,true);
+	} else {
+		char inbuf[8];
+		smb_set_enclen(inbuf,4,srv_enc_ctx());
+		srv_set_message(inbuf,result,8,0,true);
+	}
 	SCVAL(result,smb_com,SMBlockingX);
 	SSVAL(result,smb_tid,fsp->conn->cnum);
 	SSVAL(result,smb_pid,0xFFFF);
diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c
index 14a427bb9c..24ecb77fd5 100644
--- a/source3/smbd/seal.c
+++ b/source3/smbd/seal.c
@@ -48,6 +48,15 @@ bool srv_encryption_on(void)
 }
 
 /******************************************************************************
+ Return global enc context - this must change if we ever do multiple contexts.
+******************************************************************************/
+
+uint16 srv_enc_ctx(void)
+{
+	return srv_trans_enc_ctx->es->enc_ctx_num;
+}
+
+/******************************************************************************
  Create an auth_ntlmssp_state and ensure pointer copy is correct.
 ******************************************************************************/