authorAndreas Schneider <asn@samba.org>2020-05-28 16:31:35 +0200
committerAndreas Schneider <asn@cryptomilk.org>2020-08-19 16:22:41 +0000
commit71d65278e1644628f9419008ed47bb475ff07b55 (patch)
tree5f23ab2fa6412e2dd07e9ce9c8bcf837d990f996 /auth
parent098774b2441679ef77d5eb29d638d07f7987c7c3 (diff)
auth:creds: Add cli_credentials_(get|set)_smb_ipc_signing()
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'auth')
-rw-r--r--auth/credentials/credentials.c51
-rw-r--r--auth/credentials/credentials.h6
-rw-r--r--auth/credentials/credentials_internal.h3
3 files changed, 60 insertions, 0 deletions
diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index 365a6def7ea..dc5d51f1424 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -46,6 +46,12 @@ _PUBLIC_ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx)
cred->signing_state = SMB_SIGNING_DEFAULT;
+ /*
+ * The default value of lpcfg_client_ipc_signing() is REQUIRED, so use
+ * the same value here.
+ */
+ cred->ipc_signing_state = SMB_SIGNING_REQUIRED;
+
return cred;
}
@@ -930,6 +936,12 @@ _PUBLIC_ void cli_credentials_set_conf(struct cli_credentials *cred,
cred->signing_state = lpcfg_client_signing(lp_ctx);
cred->signing_state_obtained = CRED_SMB_CONF;
}
+
+ if (cred->ipc_signing_state_obtained <= CRED_SMB_CONF) {
+ /* Will be set to required for invalid smb.conf values */
+ cred->ipc_signing_state = lpcfg_client_ipc_signing(lp_ctx);
+ cred->ipc_signing_state_obtained = CRED_SMB_CONF;
+ }
}
/**
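Review bot: The `<=` guard in the block added to cli_credentials_set_conf() only works as intended if `ipc_signing_state_obtained` starts below CRED_SMB_CONF. The first hunk sets `ipc_signing_state` in cli_credentials_init() but never the obtained field, so this presumably relies on the structure being zero-initialised, which is not visible here. A one-line comment at the init site would make that dependency explicit, for example `/* ipc_signing_state_obtained stays at its zeroed value so smb.conf may override this default */`. The inline comment in this hunk could also name where the fallback happens, for example `/* lpcfg_client_ipc_signing() returns REQUIRED for invalid smb.conf values */`, since nothing in this block enforces it. The function body begins outside the hunk.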
@@ -1351,6 +1363,45 @@ cli_credentials_get_smb_signing(struct cli_credentials *creds)
}
/**
+ * @brief Set the SMB IPC signing state to request for a SMB connection.
+ *
+ * @param[in] creds The credentials structure to update.
+ *
+ * @param[in] signing_state The signing state to set.
+ *
+ * @param obtained This way the described signing state was specified.
+ *
+ * @return true if we could set the signing state, false otherwise.
+ */
+_PUBLIC_ bool
+cli_credentials_set_smb_ipc_signing(struct cli_credentials *creds,
+ enum smb_signing_setting ipc_signing_state,
+ enum credentials_obtained obtained)
+{
+ if (obtained >= creds->ipc_signing_state_obtained) {
+ creds->ipc_signing_state_obtained = obtained;
+ creds->ipc_signing_state = ipc_signing_state;
+ return true;
+ }
+
+ return false;
+}
+
+/**
+ * @brief Obtain the SMB IPC signing state from a credentials structure.
+ *
+ * @param[in] creds The credential structure to obtain the SMB IPC signing
+ * state from.
+ *
+ * @return The SMB singing state.
+ */
+_PUBLIC_ enum smb_signing_setting
+cli_credentials_get_smb_ipc_signing(struct cli_credentials *creds)
+{
+ return creds->ipc_signing_state;
+}
+
+/**
* Encrypt a data blob using the session key and the negotiated encryption
* algorithm
*
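Review bot: The Doxygen block for cli_credentials_set_smb_ipc_signing() documents `signing_state`, but the parameter is named `ipc_signing_state`, so the tag should read `@param[in] ipc_signing_state The IPC signing state to set.`. The `obtained` line is hard to parse and lacks a direction; `@param[in] obtained How the signing state was specified.` would match the other tags. The getter's return line has a typo and omits IPC; it should be `@return The SMB IPC signing state.`. The setter accepts any `enum smb_signing_setting` whenever `obtained` is at least the stored level, so a caller can replace the REQUIRED default with a weaker value. The doc should say so, and should tell callers that need signing enforced to check for a `false` return rather than assume their value was applied.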
diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h
index f1fc3f62400..2333b991526 100644
--- a/auth/credentials/credentials.h
+++ b/auth/credentials/credentials.h
@@ -297,6 +297,12 @@ bool cli_credentials_set_smb_signing(struct cli_credentials *cred,
enum smb_signing_setting
cli_credentials_get_smb_signing(struct cli_credentials *cred);
+bool cli_credentials_set_smb_ipc_signing(struct cli_credentials *cred,
+ enum smb_signing_setting ipc_signing_state,
+ enum credentials_obtained obtained);
+enum smb_signing_setting
+cli_credentials_get_smb_ipc_signing(struct cli_credentials *cred);
+
/**
* Return attached NETLOGON credentials
*/
diff --git a/auth/credentials/credentials_internal.h b/auth/credentials/credentials_internal.h
index 9cde0000b5f..54e8271471f 100644
--- a/auth/credentials/credentials_internal.h
+++ b/auth/credentials/credentials_internal.h
@@ -38,6 +38,7 @@ struct cli_credentials {
enum credentials_obtained keytab_obtained;
enum credentials_obtained server_gss_creds_obtained;
enum credentials_obtained signing_state_obtained;
+ enum credentials_obtained ipc_signing_state_obtained;
/* Threshold values (essentially a MAX() over a number of the
* above) for the ccache and GSS credentials, to ensure we
@@ -121,6 +122,8 @@ struct cli_credentials {
bool password_will_be_nt_hash;
enum smb_signing_setting signing_state;
+
+ enum smb_signing_setting ipc_signing_state;
};
#endif /* __CREDENTIALS_INTERNAL_H__ */