From: Andreas Schneider Date: Thu, 27 Aug 2020 13:52:11 +0000 (+0200) Subject: s3:libsmb: Remove force_encrypt from cli_check_msdfs_proxy() X-Git-Tag: talloc-2.3.2~281 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4ddec1ca257fff418847c5d1e83a3fb7cb5ade1a;p=thirdparty%2Fsamba.git s3:libsmb: Remove force_encrypt from cli_check_msdfs_proxy() Signed-off-by: Andreas Schneider Reviewed-by: Jeremy Allison --- diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c index 5503506de97..736c565a7a8 100644 --- a/source3/libsmb/clidfs.c +++ b/source3/libsmb/clidfs.c @@ -230,7 +230,7 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx, if (smbXcli_conn_dfs_supported(c->conn) && cli_check_msdfs_proxy(ctx, c, sharename, &newserver, &newshare, - force_encrypt, creds)) { + creds)) { cli_shutdown(c); return do_connect(ctx, newserver, newshare, auth_info, @@ -1176,7 +1176,6 @@ bool cli_check_msdfs_proxy(TALLOC_CTX *ctx, const char *sharename, char **pp_newserver, char **pp_newshare, - bool force_encrypt, struct cli_credentials *creds) { struct client_dfs_referral *refs = NULL; @@ -1188,6 +1187,8 @@ bool cli_check_msdfs_proxy(TALLOC_CTX *ctx, char *newextrapath = NULL; NTSTATUS status; const char *remote_name; + enum smb_encryption_setting encryption_state = + cli_credentials_get_smb_encryption(creds); if (!cli || !sharename) { return false; @@ -1223,11 +1224,17 @@ bool cli_check_msdfs_proxy(TALLOC_CTX *ctx, return false; } - if (force_encrypt) { + if (encryption_state >= SMB_ENCRYPTION_DESIRED) { status = cli_cm_force_encryption_creds(cli, creds, "IPC$"); if (!NT_STATUS_IS_OK(status)) { - cli_state_restore_tcon(cli, orig_tcon); - return false; + switch (encryption_state) { + case SMB_ENCRYPTION_DESIRED: + break; + case SMB_ENCRYPTION_REQUIRED: + default: + cli_state_restore_tcon(cli, orig_tcon); + return false; + } } } diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c index eb58d7c6ac9..5a1055ba773 100644 --- a/source3/libsmb/libsmb_server.c +++ b/source3/libsmb/libsmb_server.c @@ -587,10 +587,6 @@ SMBC_server_internal(TALLOC_CTX *ctx, if (smbXcli_conn_dfs_supported(c->conn) && cli_check_msdfs_proxy(ctx, c, share, &newserver, &newshare, - /* FIXME: cli_check_msdfs_proxy() does - not support smbc_smb_encrypt_level type */ - context->internal->smb_encryption_level ? - true : false, creds)) { cli_shutdown(c); srv = SMBC_server_internal(ctx, context, connect_if_not_found, diff --git a/source3/libsmb/proto.h b/source3/libsmb/proto.h index 360a39b9a54..e636fc96f50 100644 --- a/source3/libsmb/proto.h +++ b/source3/libsmb/proto.h @@ -161,7 +161,6 @@ bool cli_check_msdfs_proxy(TALLOC_CTX *ctx, const char *sharename, char **pp_newserver, char **pp_newshare, - bool force_encrypt, struct cli_credentials *creds); /* The following definitions come from libsmb/clientgen.c */