From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 3 Jul 2023 13:12:38 +0000 (+0200)
Subject: s3:utils: let smbstatus also report partial tcon signing/encryption
X-Git-Tag: ldb-2.8.1~71
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1925abda4c44421aabdb92a3fa1e9a97ec2e1898;p=thirdparty%2Fsamba.git

s3:utils: let smbstatus also report partial tcon signing/encryption

We already do that for sessions and also for the json output,
but it was missing in the non-json output for tcons.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 551756abd2c9e4922075bc3037db645355542363)
---

diff --git a/source3/utils/status.c b/source3/utils/status.c
index 1cb877567ac..e68fd09f497 100644
--- a/source3/utils/status.c
+++ b/source3/utils/status.c
@@ -482,9 +482,29 @@ static int traverse_connections_stdout(struct traverse_state *state,
 				       char *server_id,
 				       const char *machine,
 				       const char *timestr,
-				       const char *encryption,
-				       const char *signing)
+				       const char *encryption_cipher,
+				       enum crypto_degree encryption_degree,
+				       const char *signing_cipher,
+				       enum crypto_degree signing_degree)
 {
+	fstring encryption;
+	fstring signing;
+
+	if (encryption_degree == CRYPTO_DEGREE_FULL) {
+		fstr_sprintf(encryption, "%s", encryption_cipher);
+	} else if (encryption_degree == CRYPTO_DEGREE_PARTIAL) {
+		fstr_sprintf(encryption, "partial(%s)", encryption_cipher);
+	} else {
+		fstr_sprintf(encryption, "-");
+	}
+	if (signing_degree == CRYPTO_DEGREE_FULL) {
+		fstr_sprintf(signing, "%s", signing_cipher);
+	} else if (signing_degree == CRYPTO_DEGREE_PARTIAL) {
+		fstr_sprintf(signing, "partial(%s)", signing_cipher);
+	} else {
+		fstr_sprintf(signing, "-");
+	}
+
 	d_printf("%-12s %-7s %-13s %-32s %-12s %-12s\n",
 		 servicename, server_id, machine, timestr, encryption, signing);
 
@@ -537,7 +557,9 @@ static int traverse_connections(const struct connections_data *crec,
 		return -1;
 	}
 
-	if (smbXsrv_is_encrypted(crec->encryption_flags)) {
+	if (smbXsrv_is_encrypted(crec->encryption_flags) ||
+	    smbXsrv_is_partially_encrypted(crec->encryption_flags))
+	{
 		switch (crec->cipher) {
 		case SMB_ENCRYPTION_GSSAPI:
 			encryption = "GSSAPI";
@@ -558,10 +580,16 @@ static int traverse_connections(const struct connections_data *crec,
 			encryption = "???";
 			break;
 		}
-		encryption_degree = CRYPTO_DEGREE_FULL;
+		if (smbXsrv_is_encrypted(crec->encryption_flags)) {
+			encryption_degree = CRYPTO_DEGREE_FULL;
+		} else if (smbXsrv_is_partially_encrypted(crec->encryption_flags)) {
+			encryption_degree = CRYPTO_DEGREE_PARTIAL;
+		}
 	}
 
-	if (smbXsrv_is_signed(crec->signing_flags)) {
+	if (smbXsrv_is_signed(crec->signing_flags) ||
+	    smbXsrv_is_partially_signed(crec->signing_flags))
+	{
 		switch (crec->signing) {
 		case SMB2_SIGNING_MD5_SMB1:
 			signing = "HMAC-MD5";
@@ -579,7 +607,11 @@ static int traverse_connections(const struct connections_data *crec,
 			signing = "???";
 			break;
 		}
-		signing_degree = CRYPTO_DEGREE_FULL;
+		if (smbXsrv_is_signed(crec->signing_flags)) {
+			signing_degree = CRYPTO_DEGREE_FULL;
+		} else if (smbXsrv_is_partially_signed(crec->signing_flags)) {
+			signing_degree = CRYPTO_DEGREE_PARTIAL;
+		}
 	}
 
 	if (!state->json_output) {
@@ -589,7 +621,9 @@ static int traverse_connections(const struct connections_data *crec,
 						     crec->machine,
 						     timestr,
 						     encryption,
-						     signing);
+						     encryption_degree,
+						     signing,
+						     signing_degree);
 	} else {
 		result = traverse_connections_json(state,
 						   crec,