]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
auth:creds: Add cli_credentials_(get|set)_smb_ipc_signing()
authorAndreas Schneider <asn@samba.org>
Thu, 28 May 2020 14:31:35 +0000 (16:31 +0200)
committerAndreas Schneider <asn@cryptomilk.org>
Wed, 19 Aug 2020 16:22:41 +0000 (16:22 +0000)
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
auth/credentials/credentials.c
auth/credentials/credentials.h
auth/credentials/credentials_internal.h

index 365a6def7eab5eb6a2632f589ac295f3f4aeb081..dc5d51f1424f459bb193c0072a43e496052c88f3 100644 (file)
@@ -46,6 +46,12 @@ _PUBLIC_ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx)
 
        cred->signing_state = SMB_SIGNING_DEFAULT;
 
+       /*
+        * The default value of lpcfg_client_ipc_signing() is REQUIRED, so use
+        * the same value here.
+        */
+       cred->ipc_signing_state = SMB_SIGNING_REQUIRED;
+
        return cred;
 }
 
@@ -930,6 +936,12 @@ _PUBLIC_ void cli_credentials_set_conf(struct cli_credentials *cred,
                cred->signing_state = lpcfg_client_signing(lp_ctx);
                cred->signing_state_obtained = CRED_SMB_CONF;
        }
+
+       if (cred->ipc_signing_state_obtained <= CRED_SMB_CONF) {
+               /* Will be set to required for invalid smb.conf values */
+               cred->ipc_signing_state = lpcfg_client_ipc_signing(lp_ctx);
+               cred->ipc_signing_state_obtained = CRED_SMB_CONF;
+       }
 }
 
 /**
@@ -1350,6 +1362,45 @@ cli_credentials_get_smb_signing(struct cli_credentials *creds)
        return creds->signing_state;
 }
 
+/**
+ * @brief Set the SMB IPC signing state to request for a SMB connection.
+ *
+ * @param[in]  creds          The credentials structure to update.
+ *
+ * @param[in]  signing_state  The signing state to set.
+ *
+ * @param obtained            This way the described signing state was specified.
+ *
+ * @return true if we could set the signing state, false otherwise.
+ */
+_PUBLIC_ bool
+cli_credentials_set_smb_ipc_signing(struct cli_credentials *creds,
+                                   enum smb_signing_setting ipc_signing_state,
+                                   enum credentials_obtained obtained)
+{
+       if (obtained >= creds->ipc_signing_state_obtained) {
+               creds->ipc_signing_state_obtained = obtained;
+               creds->ipc_signing_state = ipc_signing_state;
+               return true;
+       }
+
+       return false;
+}
+
+/**
+ * @brief Obtain the SMB IPC signing state from a credentials structure.
+ *
+ * @param[in]  creds  The credential structure to obtain the SMB IPC signing
+ *                    state from.
+ *
+ * @return The SMB singing state.
+ */
+_PUBLIC_ enum smb_signing_setting
+cli_credentials_get_smb_ipc_signing(struct cli_credentials *creds)
+{
+       return creds->ipc_signing_state;
+}
+
 /**
  * Encrypt a data blob using the session key and the negotiated encryption
  * algorithm
index f1fc3f62400fb69ea4c7e2878030754a7305ec3f..2333b991526b8ab7002232f0365b7d1c83cee205 100644 (file)
@@ -297,6 +297,12 @@ bool cli_credentials_set_smb_signing(struct cli_credentials *cred,
 enum smb_signing_setting
 cli_credentials_get_smb_signing(struct cli_credentials *cred);
 
+bool cli_credentials_set_smb_ipc_signing(struct cli_credentials *cred,
+                                        enum smb_signing_setting ipc_signing_state,
+                                        enum credentials_obtained obtained);
+enum smb_signing_setting
+cli_credentials_get_smb_ipc_signing(struct cli_credentials *cred);
+
 /**
  * Return attached NETLOGON credentials 
  */
index 9cde0000b5f4b574e61b3bc86a3765b9786e14e6..54e8271471fe9c682960f74a3d2ed7207f8fddfc 100644 (file)
@@ -38,6 +38,7 @@ struct cli_credentials {
        enum credentials_obtained keytab_obtained;
        enum credentials_obtained server_gss_creds_obtained;
        enum credentials_obtained signing_state_obtained;
+       enum credentials_obtained ipc_signing_state_obtained;
 
        /* Threshold values (essentially a MAX() over a number of the
         * above) for the ccache and GSS credentials, to ensure we
@@ -121,6 +122,8 @@ struct cli_credentials {
        bool password_will_be_nt_hash;
 
        enum smb_signing_setting signing_state;
+
+       enum smb_signing_setting ipc_signing_state;
 };
 
 #endif /* __CREDENTIALS_INTERNAL_H__ */