From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 3 Jul 2023 13:14:38 +0000 (+0200)
Subject: s3:utils: let smbstatus report anonymous signing/encryption explicitly
X-Git-Tag: ldb-2.8.1~69
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=92a0533a9ea31f40a0a38f78e2b63c8e250972b0;p=thirdparty%2Fsamba.git

s3:utils: let smbstatus report anonymous signing/encryption explicitly

We should mark sessions/tcons with anonymous encryption or signing
in a special way, as the value of it is void, all based on a
session key with 16 zero bytes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu May 23 13:37:09 UTC 2024 on atb-devel-224

(cherry picked from commit 5a54c9b28abb1464c84cb4be15a49718d8ae6795)
---

diff --git a/source3/utils/status.c b/source3/utils/status.c
index e68fd09f497..38a534948c5 100644
--- a/source3/utils/status.c
+++ b/source3/utils/status.c
@@ -492,6 +492,8 @@ static int traverse_connections_stdout(struct traverse_state *state,
 
 	if (encryption_degree == CRYPTO_DEGREE_FULL) {
 		fstr_sprintf(encryption, "%s", encryption_cipher);
+	} else if (encryption_degree == CRYPTO_DEGREE_ANONYMOUS) {
+		fstr_sprintf(encryption, "anonymous(%s)", encryption_cipher);
 	} else if (encryption_degree == CRYPTO_DEGREE_PARTIAL) {
 		fstr_sprintf(encryption, "partial(%s)", encryption_cipher);
 	} else {
@@ -499,6 +501,8 @@ static int traverse_connections_stdout(struct traverse_state *state,
 	}
 	if (signing_degree == CRYPTO_DEGREE_FULL) {
 		fstr_sprintf(signing, "%s", signing_cipher);
+	} else if (signing_degree == CRYPTO_DEGREE_ANONYMOUS) {
+		fstr_sprintf(signing, "anonymous(%s)", signing_cipher);
 	} else if (signing_degree == CRYPTO_DEGREE_PARTIAL) {
 		fstr_sprintf(signing, "partial(%s)", signing_cipher);
 	} else {
@@ -585,6 +589,11 @@ static int traverse_connections(const struct connections_data *crec,
 		} else if (smbXsrv_is_partially_encrypted(crec->encryption_flags)) {
 			encryption_degree = CRYPTO_DEGREE_PARTIAL;
 		}
+		if (encryption_degree != CRYPTO_DEGREE_NONE &&
+		    !crec->authenticated)
+		{
+			encryption_degree = CRYPTO_DEGREE_ANONYMOUS;
+		}
 	}
 
 	if (smbXsrv_is_signed(crec->signing_flags) ||
@@ -612,6 +621,11 @@ static int traverse_connections(const struct connections_data *crec,
 		} else if (smbXsrv_is_partially_signed(crec->signing_flags)) {
 			signing_degree = CRYPTO_DEGREE_PARTIAL;
 		}
+		if (signing_degree != CRYPTO_DEGREE_NONE &&
+		    !crec->authenticated)
+		{
+			signing_degree = CRYPTO_DEGREE_ANONYMOUS;
+		}
 	}
 
 	if (!state->json_output) {
@@ -654,6 +668,8 @@ static int traverse_sessionid_stdout(struct traverse_state *state,
 
 	if (encryption_degree == CRYPTO_DEGREE_FULL) {
 		fstr_sprintf(encryption, "%s", encryption_cipher);
+	} else if (encryption_degree == CRYPTO_DEGREE_ANONYMOUS) {
+		fstr_sprintf(encryption, "anonymous(%s)", encryption_cipher);
 	} else if (encryption_degree == CRYPTO_DEGREE_PARTIAL) {
 		fstr_sprintf(encryption, "partial(%s)", encryption_cipher);
 	} else {
@@ -661,6 +677,8 @@ static int traverse_sessionid_stdout(struct traverse_state *state,
 	}
 	if (signing_degree == CRYPTO_DEGREE_FULL) {
 		fstr_sprintf(signing, "%s", signing_cipher);
+	} else if (signing_degree == CRYPTO_DEGREE_ANONYMOUS) {
+		fstr_sprintf(signing, "anonymous(%s)", signing_cipher);
 	} else if (signing_degree == CRYPTO_DEGREE_PARTIAL) {
 		fstr_sprintf(signing, "partial(%s)", signing_cipher);
 	} else {
@@ -795,6 +813,11 @@ static int traverse_sessionid(const char *key, struct sessionid *session,
 		} else if (smbXsrv_is_partially_encrypted(session->encryption_flags)) {
 			encryption_degree = CRYPTO_DEGREE_PARTIAL;
 		}
+		if (encryption_degree != CRYPTO_DEGREE_NONE &&
+		    !session->authenticated)
+		{
+			encryption_degree = CRYPTO_DEGREE_ANONYMOUS;
+		}
 	}
 
 	if (smbXsrv_is_signed(session->signing_flags) ||
@@ -822,6 +845,11 @@ static int traverse_sessionid(const char *key, struct sessionid *session,
 		} else if (smbXsrv_is_partially_signed(session->signing_flags)) {
 			signing_degree = CRYPTO_DEGREE_PARTIAL;
 		}
+		if (signing_degree != CRYPTO_DEGREE_NONE &&
+		    !session->authenticated)
+		{
+			signing_degree = CRYPTO_DEGREE_ANONYMOUS;
+		}
 	}
 
 
diff --git a/source3/utils/status.h b/source3/utils/status.h
index c08aba4c262..6674f0db54f 100644
--- a/source3/utils/status.h
+++ b/source3/utils/status.h
@@ -38,6 +38,7 @@ struct traverse_state {
 enum crypto_degree {
         CRYPTO_DEGREE_NONE,
         CRYPTO_DEGREE_PARTIAL,
+        CRYPTO_DEGREE_ANONYMOUS,
         CRYPTO_DEGREE_FULL
 };
 
diff --git a/source3/utils/status_json.c b/source3/utils/status_json.c
index 79cb1dfe1e4..850fc67e551 100644
--- a/source3/utils/status_json.c
+++ b/source3/utils/status_json.c
@@ -257,6 +257,8 @@ static int add_crypto_to_json(struct json_object *parent_json,
 
 	if (degree == CRYPTO_DEGREE_NONE) {
 		degree_str = "none";
+	} else if (degree == CRYPTO_DEGREE_ANONYMOUS) {
+		degree_str = "anonymous";
 	} else if (degree == CRYPTO_DEGREE_PARTIAL) {
 		degree_str = "partial";
 	} else {