As the encryption is stream based there's no reason

oplock breaks can't be encrypted. If we have multiple
contexts I should probably attach them to the connection
struct, but for now use the global context number.
Jeremy.
(This used to be commit 5b4b335ed0d1dc738f1f099e5c638361f3aede07)

diff --git a/source3/smbd/oplock.c b/source3/smbd/oplock.c
index 2c3313606a0495f667d63dc4ee56b486fa656792..8a5b1f4ecd5397d95a6a844212d6db84d1ffc017 100644 (file)
--- a/source3/smbd/oplock.c
+++ b/source3/smbd/oplock.c
@@ -252,11 +252,13 @@ static char *new_break_smb_message(TALLOC_CTX *mem_ctx,
        }
 
        memset(result,'\0',smb_size);
-       /* We use cli_set_message here as this is an
-        * asynchronous message that doesn't belong in
-        * the stream.
-        */
-       cli_set_message(result,8,0,True);
+       if (!srv_encryption_on()) {
+               cli_set_message(result,8,0,true);
+       } else {
+               char inbuf[8];
+               smb_set_enclen(inbuf,4,srv_enc_ctx());
+               srv_set_message(inbuf,result,8,0,true);
+       }
        SCVAL(result,smb_com,SMBlockingX);
        SSVAL(result,smb_tid,fsp->conn->cnum);
        SSVAL(result,smb_pid,0xFFFF);

diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c
index 14a427bb9c65dcbb225cc2ffe990fef4ef83f32e..24ecb77fd5985515643a9109458785a637e24035 100644 (file)
--- a/source3/smbd/seal.c
+++ b/source3/smbd/seal.c
@@ -47,6 +47,15 @@ bool srv_encryption_on(void)
        return false;
 }
 
+/******************************************************************************
+ Return global enc context - this must change if we ever do multiple contexts.
+******************************************************************************/
+
+uint16 srv_enc_ctx(void)
+{
+       return srv_trans_enc_ctx->es->enc_ctx_num;
+}
+
 /******************************************************************************
  Create an auth_ntlmssp_state and ensure pointer copy is correct.
 ******************************************************************************/