authorAndreas Schneider <asn@samba.org>2020-05-26 09:32:44 +0200
committerAndreas Schneider <asn@cryptomilk.org>2020-08-19 16:22:40 +0000
commit58e0abc58f77fdfc8cee3616eac44ed6c0c0523f (patch)
tree1408191e1233d5692e1b6bdc2d4363fabb374282 /auth/credentials
parent59a1272a6c8f53ebfa1749ba26edfd40a11b6383 (diff)
auth:creds: Add cli_credentials_(get|set)_smb_signing()
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'auth/credentials')
-rw-r--r--auth/credentials/credentials.c45
-rw-r--r--auth/credentials/credentials.h7
-rw-r--r--auth/credentials/credentials_internal.h4
3 files changed, 56 insertions, 0 deletions
diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index 80a31b248ae..365a6def7ea 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -44,6 +44,8 @@ _PUBLIC_ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx)
cred->winbind_separator = '\\';
+ cred->signing_state = SMB_SIGNING_DEFAULT;
+
return cred;
}
@@ -922,6 +924,12 @@ _PUBLIC_ void cli_credentials_set_conf(struct cli_credentials *cred,
if (sep != NULL && sep[0] != '\0') {
cred->winbind_separator = *lpcfg_winbind_separator(lp_ctx);
}
+
+ if (cred->signing_state_obtained <= CRED_SMB_CONF) {
+ /* Will be set to default for invalid smb.conf values */
+ cred->signing_state = lpcfg_client_signing(lp_ctx);
+ cred->signing_state_obtained = CRED_SMB_CONF;
+ }
}
/**
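Review bot: The block added to cli_credentials_set_conf() open-codes the precedence test that cli_credentials_set_smb_signing() introduces later in this same commit. `cred->signing_state_obtained <= CRED_SMB_CONF` is the setter's `obtained >= creds->signing_state_obtained` with `obtained` equal to `CRED_SMB_CONF`. Calling the setter would keep the rule that decides whether smb.conf may replace an existing signing requirement in one place: `cli_credentials_set_smb_signing(cred, lpcfg_client_signing(lp_ctx), CRED_SMB_CONF);`. If the open-coded form stays, the comment should also say that a state obtained at a higher priority than `CRED_SMB_CONF` is deliberately left untouched. The body of cli_credentials_set_conf() starts outside the hunk.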
@@ -1304,6 +1312,43 @@ _PUBLIC_ bool cli_credentials_parse_password_fd(struct cli_credentials *credenti
return true;
}
+/**
+ * @brief Set the SMB signing state to request for a SMB connection.
+ *
+ * @param[in] creds The credentials structure to update.
+ *
+ * @param[in] signing_state The signing state to set.
+ *
+ * @param obtained This way the described signing state was specified.
+ *
+ * @return true if we could set the signing state, false otherwise.
+ */
+_PUBLIC_ bool cli_credentials_set_smb_signing(struct cli_credentials *creds,
+ enum smb_signing_setting signing_state,
+ enum credentials_obtained obtained)
+{
+ if (obtained >= creds->signing_state_obtained) {
+ creds->signing_state_obtained = obtained;
+ creds->signing_state = signing_state;
+ return true;
+ }
+
+ return false;
+}
+
+/**
+ * @brief Obtain the SMB signing state from a credentials structure.
+ *
+ * @param[in] creds The credential structure to obtain the SMB signing state
+ * from.
+ *
+ * @return The SMB singing state.
+ */
+_PUBLIC_ enum smb_signing_setting
+cli_credentials_get_smb_signing(struct cli_credentials *creds)
+{
+ return creds->signing_state;
+}
/**
* Encrypt a data blob using the session key and the negotiated encryption
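Review bot: The doc comment on cli_credentials_set_smb_signing() does not say what a `false` return leaves behind: the stored state is unchanged because a value obtained with higher priority was already recorded. That matters to a caller asking for `SMB_SIGNING_REQUIRED`, because ignoring the result means the connection is set up with whatever state was stored earlier. I would word it `@return true if the signing state was stored, false if a state obtained with higher priority is already set and was kept.` The comparison is `>=`, so a later call at the same `obtained` level replaces the earlier value, which deserves a sentence too. Two wording fixes in the same comments: `@param[in] obtained  How the signing state was specified.` and `@return The SMB signing state.` (currently "singing").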
diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h
index 9fc511d8389..f1fc3f62400 100644
--- a/auth/credentials/credentials.h
+++ b/auth/credentials/credentials.h
@@ -38,6 +38,7 @@ struct gssapi_creds_container;
struct smb_krb5_context;
struct keytab_container;
struct db_context;
+enum smb_signing_setting;
/* In order of priority */
enum credentials_obtained {
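Review bot: `enum smb_signing_setting;` is a forward declaration of an enum, which ISO C does not permit: an `enum` tag without an enumerator list may only appear once the type is complete. GCC and Clang accept it as an extension and diagnose it under `-Wpedantic`. The prototypes added in the next hunk of this header then use the incomplete type by value, as a parameter and as a return type, so every file that calls them has to pull in the definition itself. credentials_internal.h gains `#include "libcli/smb/smb_constants.h"` in this commit; including that header here instead of the forward declaration would make credentials.h self-contained.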
@@ -290,6 +291,12 @@ void *_cli_credentials_callback_data(struct cli_credentials *cred);
#define cli_credentials_callback_data_void(_cred) \
_cli_credentials_callback_data(_cred)
+bool cli_credentials_set_smb_signing(struct cli_credentials *cred,
+ enum smb_signing_setting signing_state,
+ enum credentials_obtained obtained);
+enum smb_signing_setting
+cli_credentials_get_smb_signing(struct cli_credentials *cred);
+
/**
* Return attached NETLOGON credentials
*/
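Review bot: The two prototypes name the parameter `cred`, while the definitions in credentials.c use `creds` and their Doxygen blocks document `@param[in] creds`. Using one name in both places keeps the generated documentation and the header in agreement. The getter only reads `creds->signing_state`, so `const struct cli_credentials *creds` would state that in the interface, provided it matches how the other getters in this header are declared, which this hunk does not show.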
diff --git a/auth/credentials/credentials_internal.h b/auth/credentials/credentials_internal.h
index 68f1f25dce1..9cde0000b5f 100644
--- a/auth/credentials/credentials_internal.h
+++ b/auth/credentials/credentials_internal.h
@@ -24,6 +24,7 @@
#include "../lib/util/data_blob.h"
#include "librpc/gen_ndr/misc.h"
+#include "libcli/smb/smb_constants.h"
struct cli_credentials {
enum credentials_obtained workstation_obtained;
@@ -36,6 +37,7 @@ struct cli_credentials {
enum credentials_obtained principal_obtained;
enum credentials_obtained keytab_obtained;
enum credentials_obtained server_gss_creds_obtained;
+ enum credentials_obtained signing_state_obtained;
/* Threshold values (essentially a MAX() over a number of the
* above) for the ccache and GSS credentials, to ensure we
@@ -117,6 +119,8 @@ struct cli_credentials {
char winbind_separator;
bool password_will_be_nt_hash;
+
+ enum smb_signing_setting signing_state;
};
#endif /* __CREDENTIALS_INTERNAL_H__ */