smbd: Pass smbXsrv_connection to lp_server_smb_encrypt()
authorVolker Lendecke <vl@samba.org>
Mon, 18 Aug 2025 15:06:05 +0000 (17:06 +0200)
committerRalph Boehme <slow@samba.org>
Fri, 22 Aug 2025 13:55:34 +0000 (13:55 +0000)
We'll modify the value of "server smb encrypt" when we have a trusted
QUIC transport.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
docs-xml/smbdotconf/security/serversmbencrypt.xml
docs-xml/smbdotconf/security/smbencrypt.xml
source3/param/loadparm.c
source3/param/loadparm.h
source3/smbd/smb1_trans2.c
source3/smbd/smb2_negprot.c
source3/smbd/smb2_service.c
source3/smbd/smb2_sesssetup.c
source3/smbd/smb2_tcon.c

index 56d33046382d24b2620aa4704409647bd9e344be..8a63de19b148be2b92318c5cb8d1466324e7db9a 100644 (file)
@@ -1,6 +1,7 @@
 <samba:parameter name="server smb encrypt"
                 context="S"
                 type="enum"
+                function="_server_smb_encrypt"
                 enumlist="enum_smb_encryption_vals"
                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
 <description>
index 60271200c0ac707940883c67a316a9e3fb3164ad..2ce5e585adf2d6ac41bad8be4f627421294cfcd1 100644 (file)
@@ -2,7 +2,7 @@
                 context="S"
                 type="enum"
                 enumlist="enum_smb_encryption_vals"
-                function="server_smb_encrypt"
+                function="_server_smb_encrypt"
                 synonym="1"
                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
 <description>
index 6dd9ccbe39f0e1b526b42f554fa506bf626a4586..9fb34f0cd2b82af4ec957a125bcde7096a3b78f1 100644 (file)
@@ -249,7 +249,7 @@ static const struct loadparm_service _sDefault =
        .aio_read_size = 1,
        .aio_write_size = 1,
        .map_readonly = MAP_READONLY_NO,
-       .server_smb_encrypt = SMB_ENCRYPTION_DEFAULT,
+       ._server_smb_encrypt = SMB_ENCRYPTION_DEFAULT,
        .kernel_share_modes = false,
        .durable_handles = true,
        .check_parent_directory_delete_on_close = false,
@@ -4929,3 +4929,8 @@ int lp_smb3_directory_leases(void)
        dirleases &= !lp_kernel_oplocks(GLOBAL_SECTION_SNUM);
        return dirleases;
 }
+
+int lp_server_smb_encrypt(struct smbXsrv_connection *xconn, int snum)
+{
+       return lp__server_smb_encrypt(snum);
+}
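Review bot: The new `lp_server_smb_encrypt()` takes `xconn` but never reads it, and neither the definition here nor the prototype added in loadparm.h says why, whether `xconn` may be NULL, or that `snum == -1` selects the global value as the callers in this commit use it. Since this wrapper is meant to become the one place where the encryption requirement is adjusted per transport, I would add a header comment such as `/* Effective "server smb encrypt" for this connection; xconn is not consulted yet. Callers must use this, not lp__server_smb_encrypt(), so transport policy cannot be bypassed. */`. If the generated `lp__server_smb_encrypt()` stays visible to other files (not shown here), a direct call would silently skip whatever policy is added later.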
index ff4087ce9c2e5d0fcd3e3341cc75e222b00e5191..72773a8b2ece91d0edad3d40098f1f54e70390b5 100644 (file)
@@ -72,6 +72,9 @@ enum samba_weak_crypto lp_weak_crypto(void);
 bool lp_strict_rename(int snum);
 int lp_smb3_directory_leases(void);
 
+struct smbXsrv_connection;
+int lp_server_smb_encrypt(struct smbXsrv_connection *xconn, int snum);
+
 int lp_wi_scan_global_parametrics(
        const char *regex, size_t max_matches,
        bool (*cb)(const char *string, regmatch_t matches[],
index 568a5611223aacc2bb409dfd003a6c4593fed235..253507f4c14318c4dfa1183af4fa8da99d93aae5 100644 (file)
@@ -1805,7 +1805,7 @@ static void call_trans2setfsinfo(connection_struct *conn,
                                        return;
                                }
 
-                               if (lp_server_smb_encrypt(SNUM(conn)) ==
+                               if (lp_server_smb_encrypt(xconn, SNUM(conn)) ==
                                    SMB_ENCRYPTION_OFF) {
                                        reply_nterror(
                                                req,
index d44ce7c78632d2636bdf4a75e9a899c90cad0c5a..293a7446710988244b1b129d95d75256f3aef6e7 100644 (file)
@@ -409,7 +409,7 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
        }
 
        if ((protocol >= PROTOCOL_SMB3_00) &&
-           (lp_server_smb_encrypt(-1) != SMB_ENCRYPTION_OFF) &&
+           (lp_server_smb_encrypt(xconn, -1) != SMB_ENCRYPTION_OFF) &&
            (in_capabilities & SMB2_CAP_ENCRYPTION)) {
                capabilities |= SMB2_CAP_ENCRYPTION;
        }
index 286a4732f7385250ce0aa9a59fec719cefded4c9..f7220915a8ddad26ccc70428a7d28eb364c4a5f5 100644 (file)
@@ -535,10 +535,10 @@ NTSTATUS make_connection_snum(struct smbXsrv_connection *xconn,
        /* Case options for the share. */
        conn_setup_case_options(conn);
 
-       conn->encrypt_level = lp_server_smb_encrypt(snum);
+       conn->encrypt_level = lp_server_smb_encrypt(xconn, snum);
 
        if ((conn->encrypt_level > SMB_ENCRYPTION_OFF) &&
-           (lp_server_smb_encrypt(-1) == SMB_ENCRYPTION_OFF)) {
+           (lp_server_smb_encrypt(xconn, -1) == SMB_ENCRYPTION_OFF)) {
 
                if (conn->encrypt_level == SMB_ENCRYPTION_REQUIRED) {
                        DBG_ERR("Service [%s] requires encryption, but "
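Review bot: `conn->encrypt_level` is computed once from the `xconn` that carries the tree connect and then kept on the connection_struct, so once the accessor returns a transport-dependent value the stored level reflects only that one connection. The same applies to `x->global->encryption_flags` in smbd_smb2_auth_generic_return() and to `encryption_desired`/`encryption_required` in smbd_smb2_tree_connect(). If a session can later gain a channel on a transport that is not trusted (SMB3 multichannel), a level relaxed for the first transport would presumably still be in effect there; that needs either a per-request re-check or a rule that such sessions cannot bind other channels. A comment at the assignment, e.g. `/* NOTE: derived from the connecting transport; revisit for multichannel */`, would record the assumption. make_connection_snum() starts and ends outside the hunk.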
index de98979788c2b6aef7f9175bc31046ba91aece07..da6b98f40e9063c095e7f27b044e7f201b21cab9 100644 (file)
@@ -255,12 +255,12 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
                x->global->signing_flags = SMBXSRV_SIGNING_REQUIRED;
        }
 
-       if ((lp_server_smb_encrypt(-1) >= SMB_ENCRYPTION_DESIRED) &&
+       if ((lp_server_smb_encrypt(xconn, -1) >= SMB_ENCRYPTION_DESIRED) &&
            (xconn->smb2.client.capabilities & SMB2_CAP_ENCRYPTION)) {
                x->global->encryption_flags = SMBXSRV_ENCRYPTION_DESIRED;
        }
 
-       if (lp_server_smb_encrypt(-1) == SMB_ENCRYPTION_REQUIRED) {
+       if (lp_server_smb_encrypt(xconn, -1) == SMB_ENCRYPTION_REQUIRED) {
                x->global->encryption_flags = SMBXSRV_ENCRYPTION_REQUIRED |
                        SMBXSRV_ENCRYPTION_DESIRED;
        }
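Review bot: `lp_server_smb_encrypt(xconn, -1)` is evaluated twice in adjacent conditions here, and smbd_smb2_tree_connect() does the same with `lp_server_smb_encrypt(conn, snum)`. Now that the result is meant to depend on the connection, reading it once keeps both tests on the same value and makes the intent clearer: `const int encrypt = lp_server_smb_encrypt(xconn, -1);` followed by `if ((encrypt >= SMB_ENCRYPTION_DESIRED) &&` and `if (encrypt == SMB_ENCRYPTION_REQUIRED) {`. The function body starts and ends outside the hunk.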
index 0945f00da0fcac4a274db5e79bf5480fb77e8650..1739f51de3fa37959e5d873c8cfdfc90c0e44829 100644 (file)
@@ -306,13 +306,13 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req,
                TALLOC_FREE(proxy);
        }
 
-       if ((lp_server_smb_encrypt(snum) >= SMB_ENCRYPTION_DESIRED) &&
+       if ((lp_server_smb_encrypt(conn, snum) >= SMB_ENCRYPTION_DESIRED) &&
            (conn->smb2.server.cipher != 0))
        {
                encryption_desired = true;
        }
 
-       if (lp_server_smb_encrypt(snum) == SMB_ENCRYPTION_REQUIRED) {
+       if (lp_server_smb_encrypt(conn, snum) == SMB_ENCRYPTION_REQUIRED) {
                encryption_desired = true;
                encryption_required = true;
        }