CVE-2017-12151: s3:libsmb: add cli_state_is_encryption_on() helper function

This allows to check if the current cli_state uses encryption
(either via unix extentions or via SMB3).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12996

Signed-off-by: Stefan Metzmacher <metze@samba.org>

diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index 039176e5cacceddba6f90c910e44c0f08396dcd4..44afee1d4a099cbbfaba61416788b9d2b7510cf9 100644 (file)
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -321,6 +321,19 @@ uint32_t cli_getpid(struct cli_state *cli)
        return cli->smb1.pid;
 }
 
+bool cli_state_is_encryption_on(struct cli_state *cli)
+{
+       if (smbXcli_conn_protocol(cli->conn) < PROTOCOL_SMB2_02) {
+               return smb1cli_conn_encryption_on(cli->conn);
+       }
+
+       if (cli->smb2.tcon == NULL) {
+               return false;
+       }
+
+       return smb2cli_tcon_is_encryption_on(cli->smb2.tcon);
+}
+
 bool cli_state_has_tcon(struct cli_state *cli)
 {
        uint32_t tid;

diff --git a/source3/libsmb/proto.h b/source3/libsmb/proto.h
index a74433f623e27e9aeefb3f19b2310043b8f8a29e..4ae566cca1c249b4a1b9f0a068c1d4328e6d27cd 100644 (file)
--- a/source3/libsmb/proto.h
+++ b/source3/libsmb/proto.h
@@ -200,6 +200,7 @@ void cli_shutdown(struct cli_state *cli);
 uint16_t cli_state_get_vc_num(struct cli_state *cli);
 uint32_t cli_setpid(struct cli_state *cli, uint32_t pid);
 uint32_t cli_getpid(struct cli_state *cli);
+bool cli_state_is_encryption_on(struct cli_state *cli);
 bool cli_state_has_tcon(struct cli_state *cli);
 uint32_t cli_state_get_tid(struct cli_state *cli);
 uint32_t cli_state_set_tid(struct cli_state *cli, uint32_t tid);