s3:utils: let smbstatus report anonymous signing/encryption explicitly
authorStefan Metzmacher <metze@samba.org>
Mon, 3 Jul 2023 13:14:38 +0000 (15:14 +0200)
committerStefan Metzmacher <metze@samba.org>
Mon, 11 Dec 2023 14:55:17 +0000 (15:55 +0100)
We should mark sessions/tcons with anonymous encryption or signing
in a special way, as the value of it is void, all based on a
session key with 16 zero bytes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412

Signed-off-by: Stefan Metzmacher <metze@samba.org>
source3/utils/status.c
source3/utils/status.h
source3/utils/status_json.c

index d1ebc676eee331299bf405e6e8ddc46aa14b5e3c..9875f0dd12bc6e859fb4b50f375baad1dfcddb67 100644 (file)
@@ -470,6 +470,8 @@ static int traverse_connections_stdout(struct traverse_state *state,
 
        if (encryption_degree == CRYPTO_DEGREE_FULL) {
                fstr_sprintf(encryption, "%s", encryption_cipher);
+       } else if (encryption_degree == CRYPTO_DEGREE_ANONYMOUS) {
+               fstr_sprintf(encryption, "anonymous(%s)", encryption_cipher);
        } else if (encryption_degree == CRYPTO_DEGREE_PARTIAL) {
                fstr_sprintf(encryption, "partial(%s)", encryption_cipher);
        } else {
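Review bot: The new `anonymous(%s)` label in the encryption branch is not explained anywhere in the change, and it still embeds the cipher name, so anyone matching smbstatus output on the cipher string alone will keep counting these sessions as protected. The commit's file list covers only status.c, status.h and status_json.c, so the smbstatus documentation appears untouched (inferred from that list; it may be updated in a separate commit). I would add a comment above the branch such as `/* anonymous: keys derive from an all-zero session key, so this protects nothing */` and describe the label in the manpage. The same applies to the signing branch in the next hunk and to both branches in traverse_sessionid_stdout(). The if/else chain continues outside the hunk.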
@@ -477,6 +479,8 @@ static int traverse_connections_stdout(struct traverse_state *state,
        }
        if (signing_degree == CRYPTO_DEGREE_FULL) {
                fstr_sprintf(signing, "%s", signing_cipher);
+       } else if (signing_degree == CRYPTO_DEGREE_ANONYMOUS) {
+               fstr_sprintf(signing, "anonymous(%s)", signing_cipher);
        } else if (signing_degree == CRYPTO_DEGREE_PARTIAL) {
                fstr_sprintf(signing, "partial(%s)", signing_cipher);
        } else {
@@ -564,6 +568,11 @@ static int traverse_connections(const struct connections_data *crec,
                } else if (smbXsrv_is_partially_encrypted(crec->encryption_flags)) {
                        encryption_degree = CRYPTO_DEGREE_PARTIAL;
                }
+               if (encryption_degree != CRYPTO_DEGREE_NONE &&
+                   !crec->authenticated)
+               {
+                       encryption_degree = CRYPTO_DEGREE_ANONYMOUS;
+               }
        }
 
        if (smbXsrv_is_signed(crec->signing_flags) ||
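Review bot: The five-line override added after the encryption flags are evaluated is repeated verbatim for signing in the next hunk and twice more in traverse_sessionid(), so the rule that decides what is reported as anonymous lives in four places that can drift apart. It also replaces CRYPTO_DEGREE_PARTIAL as well as CRYPTO_DEGREE_FULL, which looks intended given the commit message but is worth stating in a comment. A small static helper keeps the rule and its rationale in one place; the sketch below shows it with the call for this hunk. traverse_connections() starts and ends outside the hunk.

```c
/*
 * Signing/encryption on an unauthenticated session is keyed from an
 * all-zero session key, so report it as anonymous whatever its coverage
 * (full or partial).
 */
static enum crypto_degree crypto_degree_for_session(enum crypto_degree degree,
						    bool authenticated)
{
	if (degree != CRYPTO_DEGREE_NONE && !authenticated) {
		return CRYPTO_DEGREE_ANONYMOUS;
	}
	return degree;
}

/* … unchanged: encryption_degree set to FULL or PARTIAL from crec->encryption_flags … */
		encryption_degree = crypto_degree_for_session(encryption_degree,
							      crec->authenticated);
```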
@@ -592,6 +601,11 @@ static int traverse_connections(const struct connections_data *crec,
                } else if (smbXsrv_is_partially_signed(crec->signing_flags)) {
                        signing_degree = CRYPTO_DEGREE_PARTIAL;
                }
+               if (signing_degree != CRYPTO_DEGREE_NONE &&
+                   !crec->authenticated)
+               {
+                       signing_degree = CRYPTO_DEGREE_ANONYMOUS;
+               }
        }
 
        if (!state->json_output) {
@@ -634,6 +648,8 @@ static int traverse_sessionid_stdout(struct traverse_state *state,
 
        if (encryption_degree == CRYPTO_DEGREE_FULL) {
                fstr_sprintf(encryption, "%s", encryption_cipher);
+       } else if (encryption_degree == CRYPTO_DEGREE_ANONYMOUS) {
+               fstr_sprintf(encryption, "anonymous(%s)", encryption_cipher);
        } else if (encryption_degree == CRYPTO_DEGREE_PARTIAL) {
                fstr_sprintf(encryption, "partial(%s)", encryption_cipher);
        } else {
@@ -641,6 +657,8 @@ static int traverse_sessionid_stdout(struct traverse_state *state,
        }
        if (signing_degree == CRYPTO_DEGREE_FULL) {
                fstr_sprintf(signing, "%s", signing_cipher);
+       } else if (signing_degree == CRYPTO_DEGREE_ANONYMOUS) {
+               fstr_sprintf(signing, "anonymous(%s)", signing_cipher);
        } else if (signing_degree == CRYPTO_DEGREE_PARTIAL) {
                fstr_sprintf(signing, "partial(%s)", signing_cipher);
        } else {
@@ -775,6 +793,11 @@ static int traverse_sessionid(const char *key, struct sessionid *session,
                } else if (smbXsrv_is_partially_encrypted(session->encryption_flags)) {
                        encryption_degree = CRYPTO_DEGREE_PARTIAL;
                }
+               if (encryption_degree != CRYPTO_DEGREE_NONE &&
+                   !session->authenticated)
+               {
+                       encryption_degree = CRYPTO_DEGREE_ANONYMOUS;
+               }
        }
 
        if (smbXsrv_is_signed(session->signing_flags) ||
@@ -802,6 +825,11 @@ static int traverse_sessionid(const char *key, struct sessionid *session,
                } else if (smbXsrv_is_partially_signed(session->signing_flags)) {
                        signing_degree = CRYPTO_DEGREE_PARTIAL;
                }
+               if (signing_degree != CRYPTO_DEGREE_NONE &&
+                   !session->authenticated)
+               {
+                       signing_degree = CRYPTO_DEGREE_ANONYMOUS;
+               }
        }
 
 
index c08aba4c26245f5f3248a1c73fbd98f65ee44976..6674f0db54fe6a775a335e245a7a73c8f6d1bf48 100644 (file)
@@ -38,6 +38,7 @@ struct traverse_state {
 enum crypto_degree {
         CRYPTO_DEGREE_NONE,
         CRYPTO_DEGREE_PARTIAL,
+        CRYPTO_DEGREE_ANONYMOUS,
         CRYPTO_DEGREE_FULL
 };
 
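Review bot: Placing `CRYPTO_DEGREE_ANONYMOUS` between `CRYPTO_DEGREE_PARTIAL` and `CRYPTO_DEGREE_FULL` makes its numeric value rank above partial, although the commit message describes anonymous protection as void. Every comparison visible in this commit uses `==` or `!=`, so nothing here depends on the order, but a later `>=` style check would treat an anonymous session as better protected than a partially protected one. I would document that on the enum, for example `/* labels only, not a strength order: compare with == / != */`. The insertion also shifts the value of `CRYPTO_DEGREE_FULL`, which matters only if the enum is stored or exchanged outside smbstatus; that is not visible here.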
index 79cb1dfe1e412f1778deebfe78ee8435cbb5a572..850fc67e5513c8f845d2462b34c4727af3d3b32f 100644 (file)
@@ -257,6 +257,8 @@ static int add_crypto_to_json(struct json_object *parent_json,
 
        if (degree == CRYPTO_DEGREE_NONE) {
                degree_str = "none";
+       } else if (degree == CRYPTO_DEGREE_ANONYMOUS) {
+               degree_str = "anonymous";
        } else if (degree == CRYPTO_DEGREE_PARTIAL) {
                degree_str = "partial";
        } else {
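Review bot: The chain in add_crypto_to_json() still ends in a bare `else`, so any degree that is not none, anonymous or partial is reported by that last branch, presumably as "full" (its body is outside the hunk). This commit shows the risk: without the two added lines the new value would have been emitted under the strongest label. Consider matching the last known value explicitly with `} else if (degree == CRYPTO_DEGREE_FULL) {` and letting the final `else` report an error or an "unknown" string, so a future enum addition cannot be overstated to JSON consumers.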