From 4ddec1ca257fff418847c5d1e83a3fb7cb5ade1a Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Thu, 27 Aug 2020 15:52:11 +0200 Subject: [PATCH] s3:libsmb: Remove force_encrypt from cli_check_msdfs_proxy() Signed-off-by: Andreas Schneider Reviewed-by: Jeremy Allison --- source3/libsmb/clidfs.c | 17 ++++++++++++----- source3/libsmb/libsmb_server.c | 4 ---- source3/libsmb/proto.h | 1 - 3 files changed, 12 insertions(+), 10 deletions(-) diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c index 5503506de97..736c565a7a8 100644 --- a/source3/libsmb/clidfs.c +++ b/source3/libsmb/clidfs.c @@ -230,7 +230,7 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx, if (smbXcli_conn_dfs_supported(c->conn) && cli_check_msdfs_proxy(ctx, c, sharename, &newserver, &newshare, - force_encrypt, creds)) { + creds)) { cli_shutdown(c); return do_connect(ctx, newserver, newshare, auth_info, @@ -1176,7 +1176,6 @@ bool cli_check_msdfs_proxy(TALLOC_CTX *ctx, const char *sharename, char **pp_newserver, char **pp_newshare, - bool force_encrypt, struct cli_credentials *creds) { struct client_dfs_referral *refs = NULL; @@ -1188,6 +1187,8 @@ bool cli_check_msdfs_proxy(TALLOC_CTX *ctx, char *newextrapath = NULL; NTSTATUS status; const char *remote_name; + enum smb_encryption_setting encryption_state = + cli_credentials_get_smb_encryption(creds); if (!cli || !sharename) { return false; @@ -1223,11 +1224,17 @@ bool cli_check_msdfs_proxy(TALLOC_CTX *ctx, return false; } - if (force_encrypt) { + if (encryption_state >= SMB_ENCRYPTION_DESIRED) { status = cli_cm_force_encryption_creds(cli, creds, "IPC$"); if (!NT_STATUS_IS_OK(status)) { - cli_state_restore_tcon(cli, orig_tcon); - return false; + switch (encryption_state) { + case SMB_ENCRYPTION_DESIRED: + break; + case SMB_ENCRYPTION_REQUIRED: + default: + cli_state_restore_tcon(cli, orig_tcon); + return false; + } } } diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c index eb58d7c6ac9..5a1055ba773 100644 --- a/source3/libsmb/libsmb_server.c +++ b/source3/libsmb/libsmb_server.c @@ -587,10 +587,6 @@ SMBC_server_internal(TALLOC_CTX *ctx, if (smbXcli_conn_dfs_supported(c->conn) && cli_check_msdfs_proxy(ctx, c, share, &newserver, &newshare, - /* FIXME: cli_check_msdfs_proxy() does - not support smbc_smb_encrypt_level type */ - context->internal->smb_encryption_level ? - true : false, creds)) { cli_shutdown(c); srv = SMBC_server_internal(ctx, context, connect_if_not_found, diff --git a/source3/libsmb/proto.h b/source3/libsmb/proto.h index 360a39b9a54..e636fc96f50 100644 --- a/source3/libsmb/proto.h +++ b/source3/libsmb/proto.h @@ -161,7 +161,6 @@ bool cli_check_msdfs_proxy(TALLOC_CTX *ctx, const char *sharename, char **pp_newserver, char **pp_newshare, - bool force_encrypt, struct cli_credentials *creds); /* The following definitions come from libsmb/clientgen.c */ -- 2.47.3