s3:utils: let smbstatus report anonymous signing/encryption explicitly
authorStefan Metzmacher <metze@samba.org>
Mon, 3 Jul 2023 13:14:38 +0000 (15:14 +0200)
committerStefan Metzmacher <metze@samba.org>
Wed, 29 May 2024 18:23:28 +0000 (18:23 +0000)
We should mark sessions/tcons with anonymous encryption or signing
in a special way, as it has no real value: it is all based on a
session key of 16 zero bytes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu May 23 13:37:09 UTC 2024 on atb-devel-224

(cherry picked from commit 5a54c9b28abb1464c84cb4be15a49718d8ae6795)

source3/utils/status.c
source3/utils/status.h
source3/utils/status_json.c

index e68fd09f4971f7940558c2ab2870fca8d28e071c..38a534948c5754e081c2fe5219845b68de4fc845 100644 (file)
@@ -492,6 +492,8 @@ static int traverse_connections_stdout(struct traverse_state *state,
 
        if (encryption_degree == CRYPTO_DEGREE_FULL) {
                fstr_sprintf(encryption, "%s", encryption_cipher);
+       } else if (encryption_degree == CRYPTO_DEGREE_ANONYMOUS) {
+               fstr_sprintf(encryption, "anonymous(%s)", encryption_cipher);
        } else if (encryption_degree == CRYPTO_DEGREE_PARTIAL) {
                fstr_sprintf(encryption, "partial(%s)", encryption_cipher);
        } else {
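Review bot: The `anonymous(%s)` text in traverse_connections_stdout still carries the cipher name, so a script that decides whether a connection is protected by matching a cipher substring in the encryption field will keep counting anonymous sessions as encrypted. The branch should say why the label exists, for example `/* anonymous: keys come from an all-zero session key, so this protects nothing */`, and the smbstatus documentation should list the new value. The same applies to the signing branch in the next hunk and to both branches in traverse_sessionid_stdout. The function body starts and ends outside the hunk.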
@@ -499,6 +501,8 @@ static int traverse_connections_stdout(struct traverse_state *state,
        }
        if (signing_degree == CRYPTO_DEGREE_FULL) {
                fstr_sprintf(signing, "%s", signing_cipher);
+       } else if (signing_degree == CRYPTO_DEGREE_ANONYMOUS) {
+               fstr_sprintf(signing, "anonymous(%s)", signing_cipher);
        } else if (signing_degree == CRYPTO_DEGREE_PARTIAL) {
                fstr_sprintf(signing, "partial(%s)", signing_cipher);
        } else {
@@ -585,6 +589,11 @@ static int traverse_connections(const struct connections_data *crec,
                } else if (smbXsrv_is_partially_encrypted(crec->encryption_flags)) {
                        encryption_degree = CRYPTO_DEGREE_PARTIAL;
                }
+               if (encryption_degree != CRYPTO_DEGREE_NONE &&
+                   !crec->authenticated)
+               {
+                       encryption_degree = CRYPTO_DEGREE_ANONYMOUS;
+               }
        }
 
        if (smbXsrv_is_signed(crec->signing_flags) ||
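Review bot: The override in traverse_connections replaces both CRYPTO_DEGREE_FULL and CRYPTO_DEGREE_PARTIAL with CRYPTO_DEGREE_ANONYMOUS without a comment saying why, and the same five lines are repeated for signing in this function and twice more in traverse_sessionid. A small static helper would keep the four sites from drifting apart and give the reason one home; each call site then becomes a single assignment. The helper below assumes `authenticated` is a bool, which the hunk does not show, and the enclosing function continues outside the hunk.

```c
/*
 * Signing or encryption on an unauthenticated session is keyed from
 * an all-zero session key, so report it as anonymous, not full/partial.
 */
static enum crypto_degree crypto_degree_for_session(enum crypto_degree degree,
						    bool authenticated)
{
	if (degree != CRYPTO_DEGREE_NONE && !authenticated) {
		return CRYPTO_DEGREE_ANONYMOUS;
	}
	return degree;
}

/* … unchanged: encryption_degree set from crec->encryption_flags … */
		encryption_degree = crypto_degree_for_session(encryption_degree,
							      crec->authenticated);
```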
@@ -612,6 +621,11 @@ static int traverse_connections(const struct connections_data *crec,
                } else if (smbXsrv_is_partially_signed(crec->signing_flags)) {
                        signing_degree = CRYPTO_DEGREE_PARTIAL;
                }
+               if (signing_degree != CRYPTO_DEGREE_NONE &&
+                   !crec->authenticated)
+               {
+                       signing_degree = CRYPTO_DEGREE_ANONYMOUS;
+               }
        }
 
        if (!state->json_output) {
@@ -654,6 +668,8 @@ static int traverse_sessionid_stdout(struct traverse_state *state,
 
        if (encryption_degree == CRYPTO_DEGREE_FULL) {
                fstr_sprintf(encryption, "%s", encryption_cipher);
+       } else if (encryption_degree == CRYPTO_DEGREE_ANONYMOUS) {
+               fstr_sprintf(encryption, "anonymous(%s)", encryption_cipher);
        } else if (encryption_degree == CRYPTO_DEGREE_PARTIAL) {
                fstr_sprintf(encryption, "partial(%s)", encryption_cipher);
        } else {
@@ -661,6 +677,8 @@ static int traverse_sessionid_stdout(struct traverse_state *state,
        }
        if (signing_degree == CRYPTO_DEGREE_FULL) {
                fstr_sprintf(signing, "%s", signing_cipher);
+       } else if (signing_degree == CRYPTO_DEGREE_ANONYMOUS) {
+               fstr_sprintf(signing, "anonymous(%s)", signing_cipher);
        } else if (signing_degree == CRYPTO_DEGREE_PARTIAL) {
                fstr_sprintf(signing, "partial(%s)", signing_cipher);
        } else {
@@ -795,6 +813,11 @@ static int traverse_sessionid(const char *key, struct sessionid *session,
                } else if (smbXsrv_is_partially_encrypted(session->encryption_flags)) {
                        encryption_degree = CRYPTO_DEGREE_PARTIAL;
                }
+               if (encryption_degree != CRYPTO_DEGREE_NONE &&
+                   !session->authenticated)
+               {
+                       encryption_degree = CRYPTO_DEGREE_ANONYMOUS;
+               }
        }
 
        if (smbXsrv_is_signed(session->signing_flags) ||
@@ -822,6 +845,11 @@ static int traverse_sessionid(const char *key, struct sessionid *session,
                } else if (smbXsrv_is_partially_signed(session->signing_flags)) {
                        signing_degree = CRYPTO_DEGREE_PARTIAL;
                }
+               if (signing_degree != CRYPTO_DEGREE_NONE &&
+                   !session->authenticated)
+               {
+                       signing_degree = CRYPTO_DEGREE_ANONYMOUS;
+               }
        }
 
 
index c08aba4c26245f5f3248a1c73fbd98f65ee44976..6674f0db54fe6a775a335e245a7a73c8f6d1bf48 100644 (file)
@@ -38,6 +38,7 @@ struct traverse_state {
 enum crypto_degree {
         CRYPTO_DEGREE_NONE,
         CRYPTO_DEGREE_PARTIAL,
+        CRYPTO_DEGREE_ANONYMOUS,
         CRYPTO_DEGREE_FULL
 };
 
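Review bot: Placing CRYPTO_DEGREE_ANONYMOUS between CRYPTO_DEGREE_PARTIAL and CRYPTO_DEGREE_FULL changes the numeric value of CRYPTO_DEGREE_FULL and ranks anonymous above partial in enum order, although per the commit message it offers no protection. The hunks on this page compare with `==` only, but an ordered comparison elsewhere would read anonymous as the stronger state. A comment on the enum would prevent that, for example `/* not ordered by strength; ANONYMOUS means keys derived from an all-zero session key */`.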
index 79cb1dfe1e412f1778deebfe78ee8435cbb5a572..850fc67e5513c8f845d2462b34c4727af3d3b32f 100644 (file)
@@ -257,6 +257,8 @@ static int add_crypto_to_json(struct json_object *parent_json,
 
        if (degree == CRYPTO_DEGREE_NONE) {
                degree_str = "none";
+       } else if (degree == CRYPTO_DEGREE_ANONYMOUS) {
+               degree_str = "anonymous";
        } else if (degree == CRYPTO_DEGREE_PARTIAL) {
                degree_str = "partial";
        } else {
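Review bot: The chain in add_crypto_to_json still ends in a catch-all `else`, whose body is outside the hunk and presumably assigns "full", so a degree value added later would be reported as the strongest state. With the enum now at four values the last branch is better made explicit, `} else if (degree == CRYPTO_DEGREE_FULL) {`, followed by a final `else` that fails the call. Consumers of the JSON output also need to be told that "anonymous" is a new value of this field and does not mean the session is protected.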