1 files changed, 27 insertions, 3 deletions

diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c
index 8f1bd9e686..d16a8f079a 100644
--- a/source3/lib/util_sock.c
+++ b/source3/lib/util_sock.c
@@ -1287,6 +1287,17 @@ bool receive_smb(int fd, char *buffer, unsigned int timeout, enum smb_read_error
 		return false;
 	}
 
+	if (srv_encryption_on()) {
+		NTSTATUS status = srv_decrypt_buffer(buffer);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(0, ("receive_smb: SMB decryption failed "
+				"on incoming packet! Error %s\n",
+				nt_errstr(status) ));
+			cond_set_smb_read_error(pre, SMB_READ_BAD_DECRYPT);
+			return false;
+		}
+	}
+
 	/* Check the incoming SMB signature. */
 	if (!srv_check_sign_mac(buffer, true)) {
 		DEBUG(0, ("receive_smb: SMB Signature verification "
@@ -1307,22 +1318,35 @@ bool send_smb(int fd, char *buffer)
 	size_t len;
 	size_t nwritten=0;
 	ssize_t ret;
+	char *buf_out = buffer;
 
 	/* Sign the outgoing packet if required. */
-	srv_calculate_sign_mac(buffer);
+	srv_calculate_sign_mac(buf_out);
+
+	if (srv_encryption_on()) {
+		NTSTATUS status = srv_encrypt_buffer(buffer, &buf_out);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(0, ("send_smb: SMB encryption failed "
+				"on outgoing packet! Error %s\n",
+				nt_errstr(status) ));
+			return false;
+		}
+	}
 
-	len = smb_len(buffer) + 4;
+	len = smb_len(buf_out) + 4;
 
 	while (nwritten < len) {
-		ret = write_data(fd,buffer+nwritten,len - nwritten);
+		ret = write_data(fd,buf_out+nwritten,len - nwritten);
 		if (ret <= 0) {
 			DEBUG(0,("Error writing %d bytes to client. %d. (%s)\n",
 				(int)len,(int)ret, strerror(errno) ));
+			srv_free_enc_buffer(buf_out);
 			return false;
 		}
 		nwritten += ret;
 	}
 
+	srv_free_enc_buffer(buf_out);
 	return true;
 }