2 Unix SMB/CIFS implementation.
4 Copyright (C) Stefan (metze) Metzmacher 2003
5 Copyright (C) Jeremy Allison 2007
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "libsmb/libsmb.h"
23 #include "../libcli/auth/spnego.h"
24 #include "../auth/ntlmssp/ntlmssp.h"
25 #include "../lib/util/tevent_ntstatus.h"
26 #include "async_smb.h"
27 #include "../libcli/smb/smb_seal.h"
29 #include "ntlmssp_wrap.h"
30 #include "auth/gensec/gensec.h"
31 #include "../libcli/smb/smbXcli_base.h"
33 /****************************************************************************
34 Get UNIX extensions version info.
35 ****************************************************************************/
37 struct cli_unix_extensions_version_state {
38 struct cli_state *cli;
41 uint16_t major, minor;
42 uint32_t caplow, caphigh;
45 static void cli_unix_extensions_version_done(struct tevent_req *subreq);
47 struct tevent_req *cli_unix_extensions_version_send(TALLOC_CTX *mem_ctx,
48 struct tevent_context *ev,
49 struct cli_state *cli)
51 struct tevent_req *req, *subreq;
52 struct cli_unix_extensions_version_state *state;
54 req = tevent_req_create(mem_ctx, &state,
55 struct cli_unix_extensions_version_state);
60 SSVAL(state->setup, 0, TRANSACT2_QFSINFO);
61 SSVAL(state->param, 0, SMB_QUERY_CIFS_UNIX_INFO);
63 subreq = cli_trans_send(state, ev, cli, SMBtrans2,
68 if (tevent_req_nomem(subreq, req)) {
69 return tevent_req_post(req, ev);
71 tevent_req_set_callback(subreq, cli_unix_extensions_version_done, req);
75 static void cli_unix_extensions_version_done(struct tevent_req *subreq)
77 struct tevent_req *req = tevent_req_callback_data(
78 subreq, struct tevent_req);
79 struct cli_unix_extensions_version_state *state = tevent_req_data(
80 req, struct cli_unix_extensions_version_state);
85 status = cli_trans_recv(subreq, state, NULL, NULL, 0, NULL,
86 NULL, 0, NULL, &data, 12, &num_data);
88 if (!NT_STATUS_IS_OK(status)) {
89 tevent_req_nterror(req, status);
93 state->major = SVAL(data, 0);
94 state->minor = SVAL(data, 2);
95 state->caplow = IVAL(data, 4);
96 state->caphigh = IVAL(data, 8);
101 NTSTATUS cli_unix_extensions_version_recv(struct tevent_req *req,
102 uint16_t *pmajor, uint16_t *pminor,
106 struct cli_unix_extensions_version_state *state = tevent_req_data(
107 req, struct cli_unix_extensions_version_state);
110 if (tevent_req_is_nterror(req, &status)) {
113 *pmajor = state->major;
114 *pminor = state->minor;
115 *pcaplow = state->caplow;
116 *pcaphigh = state->caphigh;
117 state->cli->server_posix_capabilities = *pcaplow;
121 NTSTATUS cli_unix_extensions_version(struct cli_state *cli, uint16 *pmajor,
122 uint16 *pminor, uint32 *pcaplow,
125 TALLOC_CTX *frame = talloc_stackframe();
126 struct event_context *ev;
127 struct tevent_req *req;
128 NTSTATUS status = NT_STATUS_OK;
130 if (cli_has_async_calls(cli)) {
132 * Can't use sync call while an async call is in flight
134 status = NT_STATUS_INVALID_PARAMETER;
138 ev = event_context_init(frame);
140 status = NT_STATUS_NO_MEMORY;
144 req = cli_unix_extensions_version_send(frame, ev, cli);
146 status = NT_STATUS_NO_MEMORY;
150 if (!tevent_req_poll(req, ev)) {
151 status = map_nt_error_from_unix(errno);
155 status = cli_unix_extensions_version_recv(req, pmajor, pminor, pcaplow,
162 /****************************************************************************
163 Set UNIX extensions capabilities.
164 ****************************************************************************/
166 struct cli_set_unix_extensions_capabilities_state {
167 struct cli_state *cli;
173 static void cli_set_unix_extensions_capabilities_done(
174 struct tevent_req *subreq);
176 struct tevent_req *cli_set_unix_extensions_capabilities_send(
177 TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct cli_state *cli,
178 uint16_t major, uint16_t minor, uint32_t caplow, uint32_t caphigh)
180 struct tevent_req *req, *subreq;
181 struct cli_set_unix_extensions_capabilities_state *state;
183 req = tevent_req_create(
185 struct cli_set_unix_extensions_capabilities_state);
191 SSVAL(state->setup+0, 0, TRANSACT2_SETFSINFO);
193 SSVAL(state->param, 0, 0);
194 SSVAL(state->param, 2, SMB_SET_CIFS_UNIX_INFO);
196 SSVAL(state->data, 0, major);
197 SSVAL(state->data, 2, minor);
198 SIVAL(state->data, 4, caplow);
199 SIVAL(state->data, 8, caphigh);
201 subreq = cli_trans_send(state, ev, cli, SMBtrans2,
205 state->data, 12, 560);
206 if (tevent_req_nomem(subreq, req)) {
207 return tevent_req_post(req, ev);
209 tevent_req_set_callback(
210 subreq, cli_set_unix_extensions_capabilities_done, req);
214 static void cli_set_unix_extensions_capabilities_done(
215 struct tevent_req *subreq)
217 struct tevent_req *req = tevent_req_callback_data(
218 subreq, struct tevent_req);
219 struct cli_set_unix_extensions_capabilities_state *state = tevent_req_data(
220 req, struct cli_set_unix_extensions_capabilities_state);
222 NTSTATUS status = cli_trans_recv(subreq, NULL, NULL, NULL, 0, NULL,
223 NULL, 0, NULL, NULL, 0, NULL);
224 if (NT_STATUS_IS_OK(status)) {
225 state->cli->requested_posix_capabilities = IVAL(state->data, 4);
227 tevent_req_simple_finish_ntstatus(subreq, status);
230 NTSTATUS cli_set_unix_extensions_capabilities_recv(struct tevent_req *req)
232 return tevent_req_simple_recv_ntstatus(req);
235 NTSTATUS cli_set_unix_extensions_capabilities(struct cli_state *cli,
236 uint16 major, uint16 minor,
237 uint32 caplow, uint32 caphigh)
239 struct tevent_context *ev;
240 struct tevent_req *req;
241 NTSTATUS status = NT_STATUS_NO_MEMORY;
243 if (cli_has_async_calls(cli)) {
244 return NT_STATUS_INVALID_PARAMETER;
246 ev = tevent_context_init(talloc_tos());
250 req = cli_set_unix_extensions_capabilities_send(
251 ev, ev, cli, major, minor, caplow, caphigh);
255 if (!tevent_req_poll_ntstatus(req, ev, &status)) {
258 status = cli_set_unix_extensions_capabilities_recv(req);
264 struct cli_get_fs_attr_info_state {
270 static void cli_get_fs_attr_info_done(struct tevent_req *subreq);
272 struct tevent_req *cli_get_fs_attr_info_send(TALLOC_CTX *mem_ctx,
273 struct tevent_context *ev,
274 struct cli_state *cli)
276 struct tevent_req *subreq, *req;
277 struct cli_get_fs_attr_info_state *state;
279 req = tevent_req_create(mem_ctx, &state,
280 struct cli_get_fs_attr_info_state);
284 SSVAL(state->setup+0, 0, TRANSACT2_QFSINFO);
285 SSVAL(state->param+0, 0, SMB_QUERY_FS_ATTRIBUTE_INFO);
287 subreq = cli_trans_send(state, ev, cli, SMBtrans2,
292 if (tevent_req_nomem(subreq, req)) {
293 return tevent_req_post(req, ev);
295 tevent_req_set_callback(subreq, cli_get_fs_attr_info_done, req);
299 static void cli_get_fs_attr_info_done(struct tevent_req *subreq)
301 struct tevent_req *req = tevent_req_callback_data(
302 subreq, struct tevent_req);
303 struct cli_get_fs_attr_info_state *state = tevent_req_data(
304 req, struct cli_get_fs_attr_info_state);
309 status = cli_trans_recv(subreq, talloc_tos(), NULL, NULL, 0, NULL,
310 NULL, 0, NULL, &data, 12, &num_data);
312 if (!NT_STATUS_IS_OK(status)) {
313 tevent_req_nterror(req, status);
316 state->fs_attr = IVAL(data, 0);
318 tevent_req_done(req);
321 NTSTATUS cli_get_fs_attr_info_recv(struct tevent_req *req, uint32_t *fs_attr)
323 struct cli_get_fs_attr_info_state *state = tevent_req_data(
324 req, struct cli_get_fs_attr_info_state);
327 if (tevent_req_is_nterror(req, &status)) {
330 *fs_attr = state->fs_attr;
334 NTSTATUS cli_get_fs_attr_info(struct cli_state *cli, uint32_t *fs_attr)
336 struct tevent_context *ev;
337 struct tevent_req *req;
338 NTSTATUS status = NT_STATUS_NO_MEMORY;
340 if (cli_has_async_calls(cli)) {
341 return NT_STATUS_INVALID_PARAMETER;
343 ev = tevent_context_init(talloc_tos());
347 req = cli_get_fs_attr_info_send(ev, ev, cli);
351 if (!tevent_req_poll_ntstatus(req, ev, &status)) {
354 status = cli_get_fs_attr_info_recv(req, fs_attr);
360 NTSTATUS cli_get_fs_volume_info(struct cli_state *cli,
363 uint32_t *pserial_number,
367 uint16_t recv_flags2;
371 uint32_t rdata_count;
373 char *volume_name = NULL;
375 SSVAL(setup, 0, TRANSACT2_QFSINFO);
376 SSVAL(param,0,SMB_QUERY_FS_VOLUME_INFO);
378 status = cli_trans(talloc_tos(), cli, SMBtrans2,
386 &rdata, 18, &rdata_count);
387 if (!NT_STATUS_IS_OK(status)) {
393 ts = interpret_long_date((char *)rdata);
396 if (pserial_number) {
397 *pserial_number = IVAL(rdata,8);
399 nlen = IVAL(rdata,12);
400 if (nlen > (rdata_count - 18)) {
402 return NT_STATUS_INVALID_NETWORK_RESPONSE;
405 clistr_pull_talloc(mem_ctx,
411 if (volume_name == NULL) {
412 status = map_nt_error_from_unix(errno);
417 /* todo: but not yet needed
418 * return the other stuff
421 *_volume_name = volume_name;
426 NTSTATUS cli_get_fs_full_size_info(struct cli_state *cli,
427 uint64_t *total_allocation_units,
428 uint64_t *caller_allocation_units,
429 uint64_t *actual_allocation_units,
430 uint64_t *sectors_per_allocation_unit,
431 uint64_t *bytes_per_sector)
435 uint8_t *rdata = NULL;
436 uint32_t rdata_count;
439 SSVAL(setup, 0, TRANSACT2_QFSINFO);
440 SSVAL(param, 0, SMB_FS_FULL_SIZE_INFORMATION);
442 status = cli_trans(talloc_tos(), cli, SMBtrans2,
444 setup, 1, 0, /* setup */
445 param, 2, 0, /* param */
446 NULL, 0, 560, /* data */
448 NULL, 0, NULL, /* rsetup */
449 NULL, 0, NULL, /* rparam */
450 &rdata, 32, &rdata_count); /* rdata */
451 if (!NT_STATUS_IS_OK(status)) {
455 if (total_allocation_units) {
456 *total_allocation_units = BIG_UINT(rdata, 0);
458 if (caller_allocation_units) {
459 *caller_allocation_units = BIG_UINT(rdata,8);
461 if (actual_allocation_units) {
462 *actual_allocation_units = BIG_UINT(rdata,16);
464 if (sectors_per_allocation_unit) {
465 *sectors_per_allocation_unit = IVAL(rdata,24);
467 if (bytes_per_sector) {
468 *bytes_per_sector = IVAL(rdata,28);
476 NTSTATUS cli_get_posix_fs_info(struct cli_state *cli,
477 uint32 *optimal_transfer_size,
479 uint64_t *total_blocks,
480 uint64_t *blocks_available,
481 uint64_t *user_blocks_available,
482 uint64_t *total_file_nodes,
483 uint64_t *free_file_nodes,
484 uint64_t *fs_identifier)
488 uint8_t *rdata = NULL;
489 uint32_t rdata_count;
492 SSVAL(setup, 0, TRANSACT2_QFSINFO);
493 SSVAL(param,0,SMB_QUERY_POSIX_FS_INFO);
495 status = cli_trans(talloc_tos(), cli, SMBtrans2, NULL, 0, 0, 0,
500 NULL, 0, NULL, /* rsetup */
501 NULL, 0, NULL, /* rparam */
502 &rdata, 56, &rdata_count);
503 if (!NT_STATUS_IS_OK(status)) {
507 if (optimal_transfer_size) {
508 *optimal_transfer_size = IVAL(rdata, 0);
511 *block_size = IVAL(rdata,4);
514 *total_blocks = BIG_UINT(rdata,8);
516 if (blocks_available) {
517 *blocks_available = BIG_UINT(rdata,16);
519 if (user_blocks_available) {
520 *user_blocks_available = BIG_UINT(rdata,24);
522 if (total_file_nodes) {
523 *total_file_nodes = BIG_UINT(rdata,32);
525 if (free_file_nodes) {
526 *free_file_nodes = BIG_UINT(rdata,40);
529 *fs_identifier = BIG_UINT(rdata,48);
535 /******************************************************************************
536 Send/receive the request encryption blob.
537 ******************************************************************************/
539 static NTSTATUS enc_blob_send_receive(struct cli_state *cli, DATA_BLOB *in, DATA_BLOB *out, DATA_BLOB *param_out)
543 uint8_t *rparam=NULL, *rdata=NULL;
544 uint32_t num_rparam, num_rdata;
547 SSVAL(setup+0, 0, TRANSACT2_SETFSINFO);
549 SSVAL(param,2,SMB_REQUEST_TRANSPORT_ENCRYPTION);
551 status = cli_trans(talloc_tos(), cli, SMBtrans2, NULL, 0, 0, 0,
554 (uint8_t *)in->data, in->length, CLI_BUFFER_SIZE,
555 NULL, /* recv_flags */
556 NULL, 0, NULL, /* rsetup */
557 &rparam, 0, &num_rparam,
558 &rdata, 0, &num_rdata);
560 if (!NT_STATUS_IS_OK(status) &&
561 !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
565 *out = data_blob(rdata, num_rdata);
566 *param_out = data_blob(rparam, num_rparam);
573 /******************************************************************************
574 Make a client state struct.
575 ******************************************************************************/
577 static struct smb_trans_enc_state *make_cli_enc_state(enum smb_trans_enc_type smb_enc_type)
579 struct smb_trans_enc_state *es = NULL;
580 es = SMB_MALLOC_P(struct smb_trans_enc_state);
585 es->smb_enc_type = smb_enc_type;
587 #if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
588 if (smb_enc_type == SMB_TRANS_ENC_GSS) {
589 es->s.gss_state = SMB_MALLOC_P(struct smb_tran_enc_state_gss);
590 if (!es->s.gss_state) {
594 ZERO_STRUCTP(es->s.gss_state);
600 /******************************************************************************
601 Start a raw ntlmssp encryption.
602 ******************************************************************************/
604 NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli,
609 DATA_BLOB blob_in = data_blob_null;
610 DATA_BLOB blob_out = data_blob_null;
611 DATA_BLOB param_out = data_blob_null;
612 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
613 struct auth_generic_state *auth_ntlmssp_state;
614 struct smb_trans_enc_state *es = make_cli_enc_state(SMB_TRANS_ENC_NTLM);
617 return NT_STATUS_NO_MEMORY;
619 status = auth_ntlmssp_client_prepare(NULL,
620 &auth_ntlmssp_state);
621 if (!NT_STATUS_IS_OK(status)) {
625 gensec_want_feature(auth_ntlmssp_state->gensec_security, GENSEC_FEATURE_SESSION_KEY);
626 gensec_want_feature(auth_ntlmssp_state->gensec_security, GENSEC_FEATURE_SEAL);
628 if (!NT_STATUS_IS_OK(status = auth_ntlmssp_set_username(auth_ntlmssp_state, user))) {
631 if (!NT_STATUS_IS_OK(status = auth_ntlmssp_set_domain(auth_ntlmssp_state, domain))) {
634 if (!NT_STATUS_IS_OK(status = auth_ntlmssp_set_password(auth_ntlmssp_state, pass))) {
638 if (!NT_STATUS_IS_OK(status = auth_ntlmssp_client_start(auth_ntlmssp_state))) {
643 status = gensec_update(auth_ntlmssp_state->gensec_security, auth_ntlmssp_state,
644 NULL, blob_in, &blob_out);
645 data_blob_free(&blob_in);
646 data_blob_free(¶m_out);
647 if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) || NT_STATUS_IS_OK(status)) {
648 NTSTATUS trans_status = enc_blob_send_receive(cli,
652 if (!NT_STATUS_EQUAL(trans_status,
653 NT_STATUS_MORE_PROCESSING_REQUIRED) &&
654 !NT_STATUS_IS_OK(trans_status)) {
655 status = trans_status;
657 if (param_out.length == 2) {
658 es->enc_ctx_num = SVAL(param_out.data, 0);
662 data_blob_free(&blob_out);
663 } while (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED));
665 data_blob_free(&blob_in);
667 if (NT_STATUS_IS_OK(status)) {
669 /* Replace the old state, if any. */
670 /* We only need the gensec_security part from here.
671 * es is a malloc()ed pointer, so we cannot make
672 * gensec_security a talloc child */
673 es->s.gensec_security = talloc_move(NULL,
674 &auth_ntlmssp_state->gensec_security);
675 smb1cli_conn_set_encryption(cli->conn, es);
680 TALLOC_FREE(auth_ntlmssp_state);
681 common_free_encryption_state(&es);
685 #if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
687 #ifndef SMB_GSS_REQUIRED_FLAGS
688 #define SMB_GSS_REQUIRED_FLAGS (GSS_C_CONF_FLAG|GSS_C_INTEG_FLAG|GSS_C_MUTUAL_FLAG|GSS_C_REPLAY_FLAG|GSS_C_SEQUENCE_FLAG)
691 /******************************************************************************
692 Get client gss blob to send to a server.
693 ******************************************************************************/
695 static NTSTATUS make_cli_gss_blob(TALLOC_CTX *ctx,
696 struct smb_trans_enc_state *es,
700 DATA_BLOB spnego_blob_in,
701 DATA_BLOB *p_blob_out)
703 const char *krb_mechs[] = {OID_KERBEROS5, NULL};
707 gss_buffer_desc input_name;
708 gss_buffer_desc *p_tok_in;
709 gss_buffer_desc tok_out, tok_in;
710 DATA_BLOB blob_out = data_blob_null;
711 DATA_BLOB blob_in = data_blob_null;
712 char *host_princ_s = NULL;
713 OM_uint32 ret_flags = 0;
714 NTSTATUS status = NT_STATUS_OK;
716 gss_OID_desc nt_hostbased_service =
717 {10, discard_const_p(char, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04")};
719 memset(&tok_out, '\0', sizeof(tok_out));
721 /* Get a ticket for the service@host */
722 if (asprintf(&host_princ_s, "%s@%s", service, host) == -1) {
723 return NT_STATUS_NO_MEMORY;
726 input_name.value = host_princ_s;
727 input_name.length = strlen(host_princ_s) + 1;
729 ret = gss_import_name(&min,
731 &nt_hostbased_service,
734 if (ret != GSS_S_COMPLETE) {
735 SAFE_FREE(host_princ_s);
736 return map_nt_error_from_gss(ret, min);
739 if (spnego_blob_in.length == 0) {
740 p_tok_in = GSS_C_NO_BUFFER;
742 /* Remove the SPNEGO wrapper */
743 if (!spnego_parse_auth_response(ctx, spnego_blob_in, status_in, OID_KERBEROS5, &blob_in)) {
744 status = NT_STATUS_UNSUCCESSFUL;
747 tok_in.value = blob_in.data;
748 tok_in.length = blob_in.length;
752 ret = gss_init_sec_context(&min,
753 GSS_C_NO_CREDENTIAL, /* Use our default cred. */
754 &es->s.gss_state->gss_ctx,
756 GSS_C_NO_OID, /* default OID. */
757 GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_FLAG,
758 GSS_C_INDEFINITE, /* requested ticket lifetime. */
759 NULL, /* no channel bindings */
761 NULL, /* ignore mech type */
764 NULL); /* ignore time_rec */
766 status = map_nt_error_from_gss(ret, min);
767 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status,NT_STATUS_MORE_PROCESSING_REQUIRED)) {
768 ADS_STATUS adss = ADS_ERROR_GSS(ret, min);
769 DEBUG(10,("make_cli_gss_blob: gss_init_sec_context failed with %s\n",
774 if ((ret_flags & SMB_GSS_REQUIRED_FLAGS) != SMB_GSS_REQUIRED_FLAGS) {
775 status = NT_STATUS_ACCESS_DENIED;
778 blob_out = data_blob_talloc(ctx, tok_out.value, tok_out.length);
780 /* Wrap in an SPNEGO wrapper */
781 *p_blob_out = spnego_gen_negTokenInit(ctx, krb_mechs, &blob_out, NULL);
785 data_blob_free(&blob_out);
786 data_blob_free(&blob_in);
787 SAFE_FREE(host_princ_s);
788 gss_release_name(&min, &srv_name);
790 gss_release_buffer(&min, &tok_out);
795 /******************************************************************************
796 Start a SPNEGO gssapi encryption context.
797 ******************************************************************************/
799 NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli)
801 DATA_BLOB blob_recv = data_blob_null;
802 DATA_BLOB blob_send = data_blob_null;
803 DATA_BLOB param_out = data_blob_null;
804 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
806 const char *servicename;
807 struct smb_trans_enc_state *es = make_cli_enc_state(SMB_TRANS_ENC_GSS);
810 return NT_STATUS_NO_MEMORY;
813 name_to_fqdn(fqdn, cli_state_remote_name(cli));
816 servicename = "cifs";
817 status = make_cli_gss_blob(talloc_tos(), es, servicename, fqdn, NT_STATUS_OK, blob_recv, &blob_send);
818 if (!NT_STATUS_EQUAL(status,NT_STATUS_MORE_PROCESSING_REQUIRED)) {
819 servicename = "host";
820 status = make_cli_gss_blob(talloc_tos(), es, servicename, fqdn, NT_STATUS_OK, blob_recv, &blob_send);
821 if (!NT_STATUS_EQUAL(status,NT_STATUS_MORE_PROCESSING_REQUIRED)) {
827 data_blob_free(&blob_recv);
828 status = enc_blob_send_receive(cli, &blob_send, &blob_recv, ¶m_out);
829 if (param_out.length == 2) {
830 es->enc_ctx_num = SVAL(param_out.data, 0);
832 data_blob_free(&blob_send);
833 status = make_cli_gss_blob(talloc_tos(), es, servicename, fqdn, status, blob_recv, &blob_send);
834 } while (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED));
835 data_blob_free(&blob_recv);
837 if (NT_STATUS_IS_OK(status)) {
839 /* Replace the old state, if any. */
840 smb1cli_conn_set_encryption(cli->conn, es);
846 common_free_encryption_state(&es);
850 NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli)
852 return NT_STATUS_NOT_SUPPORTED;
856 /********************************************************************
857 Ensure a connection is encrypted.
858 ********************************************************************/
860 NTSTATUS cli_force_encryption(struct cli_state *c,
861 const char *username,
862 const char *password,
866 uint32 caplow, caphigh;
869 if (!SERVER_HAS_UNIX_CIFS(c)) {
870 return NT_STATUS_NOT_SUPPORTED;
873 status = cli_unix_extensions_version(c, &major, &minor, &caplow,
875 if (!NT_STATUS_IS_OK(status)) {
876 DEBUG(10, ("cli_force_encryption: cli_unix_extensions_version "
877 "returned %s\n", nt_errstr(status)));
878 return NT_STATUS_UNKNOWN_REVISION;
881 if (!(caplow & CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP)) {
882 return NT_STATUS_UNSUPPORTED_COMPRESSION;
885 if (c->use_kerberos) {
886 return cli_gss_smb_encryption_start(c);
888 return cli_raw_ntlm_smb_encryption_start(c,
git.samba.org / mat / samba.git / blob