From: Isaac Boukris
Date: Thu, 20 Aug 2020 10:18:21 +0000 (+0200)
Subject: Add dcerpc_transport_encrypted()
X-Git-Tag: talloc-2.3.2~43
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=339bfcd67af2675d10287946d8f5dabba1022d57;p=thirdparty%2Fsamba.git
Add dcerpc_transport_encrypted()
Signed-off-by: Isaac Boukris
Reviewed-by: Stefan Metzmacher
Reviewed-by: Alexander Bokovoy
---
diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h
index 6b0b841d64d..57124f10778 100644
--- a/source4/librpc/rpc/dcerpc.h
+++ b/source4/librpc/rpc/dcerpc.h
@@ -87,6 +87,7 @@ struct dcecli_connection {
 struct dcerpc_transport {
 enum dcerpc_transport_t transport;
 void *private_data;
+ bool encrypted;
 struct tstream_context *stream;
 /** to serialize write events */
@@ -181,6 +182,7 @@ NTSTATUS dcerpc_bind_auth_none(struct dcerpc_pipe *p, const struct ndr_interface_table *table);
 NTSTATUS dcerpc_fetch_session_key(struct dcerpc_pipe *p, DATA_BLOB *session_key);
+bool dcerpc_transport_encrypted(struct dcerpc_pipe *p);
 struct composite_context;
 NTSTATUS dcerpc_secondary_connection_recv(struct composite_context *c, struct dcerpc_pipe **p2);
diff --git a/source4/librpc/rpc/dcerpc_smb.c b/source4/librpc/rpc/dcerpc_smb.c
index 8719ff9821e..259de719928 100644
--- a/source4/librpc/rpc/dcerpc_smb.c
+++ b/source4/librpc/rpc/dcerpc_smb.c
@@ -147,6 +147,7 @@ static void dcerpc_pipe_open_smb_done(struct tevent_req *subreq)
 struct dcerpc_pipe_open_smb_state);
 struct composite_context *ctx = state->ctx;
 struct dcecli_connection *c = state->c;
+ uint16_t enc_cipher;
 ctx->status = tstream_smbXcli_np_open_recv(subreq, state->smb,
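Review bot: The new `bool encrypted;` member of `struct dcerpc_transport` carries no comment, and within this patch it is assigned only in dcerpc_pipe_open_smb_done() in dcerpc_smb.c. For every other transport the value is whatever the allocation of `struct dcecli_connection` left there. That is presumably zero, but the allocation is not visible here and should be confirmed, since a stale non-zero value would make a plaintext transport report as encrypted. I would add `/* true only when the SMB session carrying this pipe negotiated an encryption cipher; stays false for all other transports */` above the member. The struct body continues outside the hunk.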
@@ -175,6 +176,16 @@ static void dcerpc_pipe_open_smb_done(struct tevent_req *subreq)
 /* Over-ride the default session key with the SMB session key */
 c->security_state.session_key = smb_session_key;
+ enc_cipher = smb2cli_session_get_encryption_cipher(state->smb->session);
+ switch (enc_cipher) {
+ case SMB2_ENCRYPTION_AES128_CCM:
+ case SMB2_ENCRYPTION_AES128_GCM:
+ c->transport.encrypted = true;
+ break;
+ default:
+ c->transport.encrypted = false;
+ }
+
 c->transport.private_data = talloc_move(c, &state->smb);
 composite_done(ctx);
diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c
index bd79a072bc8..6ea27a8d9a3 100644
--- a/source4/librpc/rpc/dcerpc_util.c
+++ b/source4/librpc/rpc/dcerpc_util.c
@@ -743,6 +743,19 @@ _PUBLIC_ NTSTATUS dcerpc_fetch_session_key(struct dcerpc_pipe *p,
 return NT_STATUS_OK;
 }
+_PUBLIC_ bool dcerpc_transport_encrypted(struct dcerpc_pipe *p)
+{
+ if (p == NULL) {
+ return false;
+ }
+
+ if (p->conn == NULL) {
+ return false;
+ }
+
+ return p->conn->transport.encrypted;
+}
+
 /* create a secondary context from a primary connection
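Review bot: The `switch (enc_cipher)` accepts only `SMB2_ENCRYPTION_AES128_CCM` and `SMB2_ENCRYPTION_AES128_GCM`, so any other cipher id the session reports lands in `default:` and the pipe is recorded as unencrypted. Failing closed is the right direction for a flag that callers presumably consult before sending sensitive data, but the code should say it is deliberate: put `/* allowlist: unknown cipher ids are treated as not encrypted */` above `default:` and end that arm with `break;`. The flag is also a one-time snapshot taken when the pipe is opened. Whether it guarantees that every later request on the pipe is encrypted depends on what smb2cli_session_get_encryption_cipher() reports, which is not visible in this patch. The function body starts and ends outside the hunk.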
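Review bot: dcerpc_transport_encrypted() is exported with `_PUBLIC_` but has no comment, and its `false` result covers three distinct cases: `p == NULL`, `p->conn == NULL`, and a transport that was not marked encrypted. All three give the safe answer to a caller gating secrets on it, but the contract should be written down, e.g. `/* Returns true only if the pipe's transport was marked encrypted when it was opened; false for a NULL pipe or connection. */`. Nothing is written through `p`, so the parameter could be `const struct dcerpc_pipe *p`, with the prototype in dcerpc.h changed to match.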