From: Andreas Schneider Date: Fri, 24 Jul 2020 08:18:52 +0000 (+0200) Subject: s4:libcli: Require signing for SMB encryption X-Git-Tag: talloc-2.3.2~769 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=81052e41da82041cd32f3f7f3f20fd52ffb7e491;p=thirdparty%2Fsamba.git s4:libcli: Require signing for SMB encryption Signed-off-by: Andreas Schneider Reviewed-by: Stefan Metzmacher --- diff --git a/source4/libcli/smb2/connect.c b/source4/libcli/smb2/connect.c index 3a3ecdf20e8..9540704491e 100644 --- a/source4/libcli/smb2/connect.c +++ b/source4/libcli/smb2/connect.c @@ -31,6 +31,7 @@ #include "param/param.h" #include "auth/credentials/credentials.h" #include "../libcli/smb/smbXcli_base.h" +#include "smb2_constants.h" struct smb2_connect_state { struct tevent_context *ev; @@ -76,6 +77,8 @@ struct tevent_req *smb2_connect_send(TALLOC_CTX *mem_ctx, struct smb2_connect_state *state; struct composite_context *creq; static const char *default_ports[] = { "445", "139", NULL }; + enum smb_encryption_setting encryption_state = + cli_credentials_get_smb_encryption(credentials); req = tevent_req_create(mem_ctx, &state, struct smb2_connect_state); @@ -99,6 +102,10 @@ struct tevent_req *smb2_connect_send(TALLOC_CTX *mem_ctx, state->ports = default_ports; } + if (encryption_state >= SMB_ENCRYPTION_DESIRED) { + state->options.signing = SMB_SIGNING_REQUIRED; + } + make_nbt_name_client(&state->calling, cli_credentials_get_workstation(credentials)); @@ -116,7 +123,7 @@ struct tevent_req *smb2_connect_send(TALLOC_CTX *mem_ctx, status = smb2_transport_raw_init(state, ev, existing_conn, - options, + &state->options, &state->transport); if (tevent_req_nterror(req, status)) { return tevent_req_post(req, ev);