From: Stefan Metzmacher
Date: Thu, 6 May 2021 21:55:49 +0000 (+0200)
Subject: s3:smbstatus: pretty print the use of new signing/encryption algorithms
X-Git-Tag: samba-4.15.0rc1~26
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b576123dd976e94a229a9b094f6d047e100e88f8;p=thirdparty%2Fsamba.git
s3:smbstatus: pretty print the use of new signing/encryption algorithms
Signed-off-by: Stefan Metzmacher
Reviewed-by: Jeremy Allison
---
diff --git a/source3/include/session.h b/source3/include/session.h
index c32c8b0488c..268c059a8ed 100644
--- a/source3/include/session.h
+++ b/source3/include/session.h
@@ -41,6 +41,7 @@ struct sessionid {
 uint16_t connection_dialect;
 uint8_t encryption_flags;
 uint16_t cipher;
+ uint16_t signing;
 uint8_t signing_flags;
 };
diff --git a/source3/lib/sessionid_tdb.c b/source3/lib/sessionid_tdb.c
index cac0730ea89..32962253908 100644
--- a/source3/lib/sessionid_tdb.c
+++ b/source3/lib/sessionid_tdb.c
@@ -72,6 +72,7 @@ static int sessionid_traverse_read_fn(struct smbXsrv_session_global0 *global,
 session.encryption_flags = global->encryption_flags;
 session.cipher = global->channels[0].encryption_cipher;
 session.signing_flags = global->signing_flags;
+ session.signing = global->channels[0].signing_algo;
 return state->fn(NULL, &session, state->private_data);
 }
diff --git a/source3/utils/conn_tdb.c b/source3/utils/conn_tdb.c
index 9bdaf2c5161..9be3d51a32b 100644
--- a/source3/utils/conn_tdb.c
+++ b/source3/utils/conn_tdb.c
@@ -44,6 +44,7 @@ struct connections_forall_session {
 fstring addr;
 uint16_t cipher;
 uint16_t dialect;
+ uint16_t signing;
 uint8_t signing_flags;
 };
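Review bot: The new `signing` member of struct sessionid has no comment saying which value space it holds, and it sits next to `signing_flags`, which is a different kind of value. From the other hunks it is filled from `channels[0].signing_algo` and compared against the `SMB2_SIGNING_*` constants, so a one-line comment such as `/* SMB2_SIGNING_* id taken from channel 0 */` would stop a later reader from treating it as a flag word. The same comment fits the members added to struct connections_forall_session and struct connections_data.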
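Review bot: Only `global->channels[0].signing_algo` is copied into the record in sessionid_traverse_read_fn, so a session with several channels is reported with the first channel's algorithm alone. Whether channels of one session can end up with different signing algorithms is not visible in this hunk; if they can, smbstatus would not show a weaker algorithm on a later channel, which matters to anyone using the listing to audit signing strength. A comment at the assignment, for example `/* channel 0 only; other channels are not inspected */`, would make the limit explicit, and the same applies to `sess.signing` in collect_sessions_fn in conn_tdb.c. The function body starts outside the hunk.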
@@ -67,6 +68,7 @@ static int collect_sessions_fn(struct smbXsrv_session_global0 *global,
 fstrcpy(sess.machine, global->channels[0].remote_name);
 fstrcpy(sess.addr, global->channels[0].remote_address);
 sess.cipher = global->channels[0].encryption_cipher;
+ sess.signing = global->channels[0].signing_algo;
 sess.dialect = global->connection_dialect;
 sess.signing_flags = global->signing_flags;
@@ -133,6 +135,7 @@ static int traverse_tcon_fn(struct smbXsrv_tcon_global0 *global,
 data.encryption_flags = global->encryption_flags;
 data.cipher = sess.cipher;
 data.dialect = sess.dialect;
+ data.signing = sess.signing;
 data.signing_flags = global->signing_flags;
 state->count++;
diff --git a/source3/utils/conn_tdb.h b/source3/utils/conn_tdb.h
index 34f00198c28..4f335176a73 100644
--- a/source3/utils/conn_tdb.h
+++ b/source3/utils/conn_tdb.h
@@ -37,6 +37,7 @@ struct connections_data {
 uint16_t cipher;
 uint16_t dialect;
 uint8_t signing_flags;
+ uint16_t signing;
 };
 /* The following definitions come from lib/conn_tdb.c */
diff --git a/source3/utils/status.c b/source3/utils/status.c
index 4b90ade221a..778af6d97ad 100644
--- a/source3/utils/status.c
+++ b/source3/utils/status.c
@@ -358,12 +358,23 @@ static int traverse_connections(const struct connections_key *key,
 }
 if (smbXsrv_is_signed(crec->signing_flags)) {
- if (crec->dialect >= SMB3_DIALECT_REVISION_302) {
- signing = "AES-128-CMAC";
- } else if (crec->dialect >= SMB2_DIALECT_REVISION_202) {
- signing = "HMAC-SHA256";
- } else {
+ switch (crec->signing) {
+ case SMB2_SIGNING_MD5_SMB1:
 signing = "HMAC-MD5";
+ break;
+ case SMB2_SIGNING_HMAC_SHA256:
+ signing = "HMAC-SHA256";
+ break;
+ case SMB2_SIGNING_AES128_CMAC:
+ signing = "AES-128-CMAC";
+ break;
+ case SMB2_SIGNING_AES128_GMAC:
+ signing = "AES-128-GMAC";
+ break;
+ default:
+ signing = "???";
+ result = -1;
+ break;
 }
 }
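Review bot: The algorithm-to-name switch added to traverse_connections is written out twice more in traverse_sessionid (the fully-signed and partially-signed switches in the hunk at -474), differing only in the `partial(...)` wrapper. Three hand-copied tables can drift apart when the next algorithm id is added, and this output is what an administrator reads to check which signing algorithm a client negotiated. A single table holding both spellings, sketched below, keeps the share and session listings in agreement while each caller keeps its own `"???"` and `result = -1` fallback. traverse_connections starts and ends outside the hunk.

```c
/* One row per signing algorithm id; both spellings are kept together. */
static const struct {
	uint16_t algo;
	const char *full;
	const char *partial;
} signing_names[] = {
	{ SMB2_SIGNING_MD5_SMB1,    "HMAC-MD5",     "partial(HMAC-MD5)" },
	{ SMB2_SIGNING_HMAC_SHA256, "HMAC-SHA256",  "partial(HMAC-SHA256)" },
	{ SMB2_SIGNING_AES128_CMAC, "AES-128-CMAC", "partial(AES-128-CMAC)" },
	{ SMB2_SIGNING_AES128_GMAC, "AES-128-GMAC", "partial(AES-128-GMAC)" },
};

/* Returns the display name, or NULL for an id this build does not know. */
static const char *signing_name(uint16_t algo, bool partial)
{
	size_t i;

	for (i = 0; i < sizeof(signing_names) / sizeof(signing_names[0]); i++) {
		if (signing_names[i].algo == algo) {
			return partial ? signing_names[i].partial
				       : signing_names[i].full;
		}
	}
	return NULL;
}

	/* … unchanged: code above the signing block in traverse_connections … */
	if (smbXsrv_is_signed(crec->signing_flags)) {
		signing = signing_name(crec->signing, false);
		if (signing == NULL) {
			signing = "???";
			result = -1;
		}
	}
```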
@@ -450,6 +461,12 @@ static int traverse_sessionid(const char *key, struct sessionid *session,
 case SMB2_ENCRYPTION_AES128_GCM:
 encryption = "AES-128-GCM";
 break;
+ case SMB2_ENCRYPTION_AES256_CCM:
+ encryption = "AES-256-CCM";
+ break;
+ case SMB2_ENCRYPTION_AES256_GCM:
+ encryption = "AES-256-GCM";
+ break;
 default:
 encryption = "???";
 result = -1;
@@ -466,6 +483,12 @@ static int traverse_sessionid(const char *key, struct sessionid *session,
 case SMB2_ENCRYPTION_AES128_GCM:
 encryption = "partial(AES-128-GCM)";
 break;
+ case SMB2_ENCRYPTION_AES256_CCM:
+ encryption = "partial(AES-256-CCM)";
+ break;
+ case SMB2_ENCRYPTION_AES256_GCM:
+ encryption = "partial(AES-256-GCM)";
+ break;
 default:
 encryption = "???";
 result = -1;
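Review bot: The AES-256 arms are added only inside traverse_sessionid (this hunk and the one at -466), while the single traverse_connections hunk in the commit touches its signing block and nothing above it. traverse_tcon_fn still copies `data.cipher` and `data.encryption_flags` into the per-share record, so if traverse_connections has a matching cipher switch above the signing block, which is outside the visible hunks, an AES-256 share connection would reach its `default:` arm and be listed as `???`. In that case it needs the same two arms, `case SMB2_ENCRYPTION_AES256_CCM:` and `case SMB2_ENCRYPTION_AES256_GCM:`, so that the share and session listings report the same cipher.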
@@ -474,20 +497,42 @@ static int traverse_sessionid(const char *key, struct sessionid *session,
 }
 if (smbXsrv_is_signed(session->signing_flags)) {
- if (session->connection_dialect >= SMB3_DIALECT_REVISION_302) {
- signing = "AES-128-CMAC";
- } else if (session->connection_dialect >= SMB2_DIALECT_REVISION_202) {
- signing = "HMAC-SHA256";
- } else {
+ switch (session->signing) {
+ case SMB2_SIGNING_MD5_SMB1:
 signing = "HMAC-MD5";
+ break;
+ case SMB2_SIGNING_HMAC_SHA256:
+ signing = "HMAC-SHA256";
+ break;
+ case SMB2_SIGNING_AES128_CMAC:
+ signing = "AES-128-CMAC";
+ break;
+ case SMB2_SIGNING_AES128_GMAC:
+ signing = "AES-128-GMAC";
+ break;
+ default:
+ signing = "???";
+ result = -1;
+ break;
 }
 } else if (smbXsrv_is_partially_signed(session->signing_flags)) {
- if (session->connection_dialect >= SMB3_DIALECT_REVISION_302) {
- signing = "partial(AES-128-CMAC)";
- } else if (session->connection_dialect >= SMB2_DIALECT_REVISION_202) {
- signing = "partial(HMAC-SHA256)";
- } else {
+ switch (session->signing) {
+ case SMB2_SIGNING_MD5_SMB1:
 signing = "partial(HMAC-MD5)";
+ break;
+ case SMB2_SIGNING_HMAC_SHA256:
+ signing = "partial(HMAC-SHA256)";
+ break;
+ case SMB2_SIGNING_AES128_CMAC:
+ signing = "partial(AES-128-CMAC)";
+ break;
+ case SMB2_SIGNING_AES128_GMAC:
+ signing = "partial(AES-128-GMAC)";
+ break;
+ default:
+ signing = "???";
+ result = -1;
+ break;
 }
 }
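Review bot: The `default:` arm of the partially-signed switch sets `signing = "???"`, the same string as the fully-signed default, so for an unrecognised algorithm id the listing no longer says whether the session is fully or only partially signed. Every known algorithm in that branch keeps the distinction through the `partial(...)` wrapper, and the default can do the same with `signing = "partial(???)";`. The partial encryption branch shown as context in the hunk at -466 uses a bare `"???"` in the same way. traverse_sessionid starts and ends outside the hunk.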