CVE-2017-12151: s3:libsmb: add cli_state_is_encryption_on() helper function

This allows to check if the current cli_state uses encryption
(either via unix extentions or via SMB3).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12996

Signed-off-by: Stefan Metzmacher <metze@samba.org>

diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index cfb3b162358ef3da6d82ebf7c0eeb1f3f1b71bb7..868ee59245b1c05e2a552ab47cd0ec7dfbc134b8 100644 (file)
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -339,6 +339,19 @@ uint16_t cli_getpid(struct cli_state *cli)
        return cli->smb1.pid;
 }
 
+bool cli_state_is_encryption_on(struct cli_state *cli)
+{
+       if (smbXcli_conn_protocol(cli->conn) < PROTOCOL_SMB2_02) {
+               return smb1cli_conn_encryption_on(cli->conn);
+       }
+
+       if (cli->smb2.tcon == NULL) {
+               return false;
+       }
+
+       return smb2cli_tcon_is_encryption_on(cli->smb2.tcon);
+}
+
 bool cli_state_has_tcon(struct cli_state *cli)
 {
        uint16_t tid = cli_state_get_tid(cli);

diff --git a/source3/libsmb/proto.h b/source3/libsmb/proto.h
index dc9aa1720b2981a955f631b9ff9983f15630a760..e872e3106e77aed4a401ac1e157acffd2edb98f0 100644 (file)
--- a/source3/libsmb/proto.h
+++ b/source3/libsmb/proto.h
@@ -174,6 +174,7 @@ const char *cli_state_remote_realm(struct cli_state *cli);
 uint16_t cli_state_get_vc_num(struct cli_state *cli);
 uint16_t cli_setpid(struct cli_state *cli, uint16_t pid);
 uint16_t cli_getpid(struct cli_state *cli);
+bool cli_state_is_encryption_on(struct cli_state *cli);
 bool cli_state_has_tcon(struct cli_state *cli);
 uint16_t cli_state_get_tid(struct cli_state *cli);
 uint16_t cli_state_set_tid(struct cli_state *cli, uint16_t tid);