CVE-2017-12151: s3:libsmb: add cli_state_is_encryption_on() helper function

This allows to check if the current cli_state uses encryption
(either via unix extentions or via SMB3).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12996

Signed-off-by: Stefan Metzmacher <metze@samba.org>

diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index 2b53a930809a305d749e1236256cb506020da33a..e675f95af60e7552c814bee58d54f2626b633483 100644 (file)
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -334,6 +334,19 @@ uint32_t cli_getpid(struct cli_state *cli)
        return cli->smb1.pid;
 }
 
+bool cli_state_is_encryption_on(struct cli_state *cli)
+{
+       if (smbXcli_conn_protocol(cli->conn) < PROTOCOL_SMB2_02) {
+               return smb1cli_conn_encryption_on(cli->conn);
+       }
+
+       if (cli->smb2.tcon == NULL) {
+               return false;
+       }
+
+       return smb2cli_tcon_is_encryption_on(cli->smb2.tcon);
+}
+
 bool cli_state_has_tcon(struct cli_state *cli)
 {
        uint32_t tid;

diff --git a/source3/libsmb/proto.h b/source3/libsmb/proto.h
index 340cd225ea0661e70689fc7df399f3feed9bd69a..f276b74987c9585abafd473f43ff6c93b7f67b30 100644 (file)
--- a/source3/libsmb/proto.h
+++ b/source3/libsmb/proto.h
@@ -174,6 +174,7 @@ const char *cli_state_remote_realm(struct cli_state *cli);
 uint16_t cli_state_get_vc_num(struct cli_state *cli);
 uint32_t cli_setpid(struct cli_state *cli, uint32_t pid);
 uint32_t cli_getpid(struct cli_state *cli);
+bool cli_state_is_encryption_on(struct cli_state *cli);
 bool cli_state_has_tcon(struct cli_state *cli);
 uint32_t cli_state_get_tid(struct cli_state *cli);
 uint32_t cli_state_set_tid(struct cli_state *cli, uint32_t tid);