diff options
Diffstat (limited to 'auth')
-rw-r--r-- | auth/credentials/credentials.c | 45 | ||||
-rw-r--r-- | auth/credentials/credentials.h | 7 | ||||
-rw-r--r-- | auth/credentials/credentials_internal.h | 4 |
3 files changed, 56 insertions, 0 deletions
diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c index 80a31b248ae..365a6def7ea 100644 --- a/auth/credentials/credentials.c +++ b/auth/credentials/credentials.c @@ -44,6 +44,8 @@ _PUBLIC_ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx) cred->winbind_separator = '\\'; + cred->signing_state = SMB_SIGNING_DEFAULT; + return cred; } @@ -922,6 +924,12 @@ _PUBLIC_ void cli_credentials_set_conf(struct cli_credentials *cred, if (sep != NULL && sep[0] != '\0') { cred->winbind_separator = *lpcfg_winbind_separator(lp_ctx); } + + if (cred->signing_state_obtained <= CRED_SMB_CONF) { + /* Will be set to default for invalid smb.conf values */ + cred->signing_state = lpcfg_client_signing(lp_ctx); + cred->signing_state_obtained = CRED_SMB_CONF; + } } /** @@ -1304,6 +1312,43 @@ _PUBLIC_ bool cli_credentials_parse_password_fd(struct cli_credentials *credenti return true; } +/** + * @brief Set the SMB signing state to request for a SMB connection. + * + * @param[in] creds The credentials structure to update. + * + * @param[in] signing_state The signing state to set. + * + * @param obtained This way the described signing state was specified. + * + * @return true if we could set the signing state, false otherwise. + */ +_PUBLIC_ bool cli_credentials_set_smb_signing(struct cli_credentials *creds, + enum smb_signing_setting signing_state, + enum credentials_obtained obtained) +{ + if (obtained >= creds->signing_state_obtained) { + creds->signing_state_obtained = obtained; + creds->signing_state = signing_state; + return true; + } + + return false; +} + +/** + * @brief Obtain the SMB signing state from a credentials structure. + * + * @param[in] creds The credential structure to obtain the SMB signing state + * from. + * + * @return The SMB singing state. + */ +_PUBLIC_ enum smb_signing_setting +cli_credentials_get_smb_signing(struct cli_credentials *creds) +{ + return creds->signing_state; +} /** * Encrypt a data blob using the session key and the negotiated encryption diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h index 9fc511d8389..f1fc3f62400 100644 --- a/auth/credentials/credentials.h +++ b/auth/credentials/credentials.h @@ -38,6 +38,7 @@ struct gssapi_creds_container; struct smb_krb5_context; struct keytab_container; struct db_context; +enum smb_signing_setting; /* In order of priority */ enum credentials_obtained { @@ -290,6 +291,12 @@ void *_cli_credentials_callback_data(struct cli_credentials *cred); #define cli_credentials_callback_data_void(_cred) \ _cli_credentials_callback_data(_cred) +bool cli_credentials_set_smb_signing(struct cli_credentials *cred, + enum smb_signing_setting signing_state, + enum credentials_obtained obtained); +enum smb_signing_setting +cli_credentials_get_smb_signing(struct cli_credentials *cred); + /** * Return attached NETLOGON credentials */ diff --git a/auth/credentials/credentials_internal.h b/auth/credentials/credentials_internal.h index 68f1f25dce1..9cde0000b5f 100644 --- a/auth/credentials/credentials_internal.h +++ b/auth/credentials/credentials_internal.h @@ -24,6 +24,7 @@ #include "../lib/util/data_blob.h" #include "librpc/gen_ndr/misc.h" +#include "libcli/smb/smb_constants.h" struct cli_credentials { enum credentials_obtained workstation_obtained; @@ -36,6 +37,7 @@ struct cli_credentials { enum credentials_obtained principal_obtained; enum credentials_obtained keytab_obtained; enum credentials_obtained server_gss_creds_obtained; + enum credentials_obtained signing_state_obtained; /* Threshold values (essentially a MAX() over a number of the * above) for the ccache and GSS credentials, to ensure we @@ -117,6 +119,8 @@ struct cli_credentials { char winbind_separator; bool password_will_be_nt_hash; + + enum smb_signing_setting signing_state; }; #endif /* __CREDENTIALS_INTERNAL_H__ */ |