s3:utils: let smbstatus report anonymous signing/encryption explicitly master
authorStefan Metzmacher <metze@samba.org>
Mon, 3 Jul 2023 13:14:38 +0000 (15:14 +0200)
committerStefan Metzmacher <metze@samba.org>
Thu, 23 May 2024 13:37:09 +0000 (13:37 +0000)
We should mark sessions/tcons with anonymous encryption or signing
in a special way, as the value of it is void, all based on a
session key with 16 zero bytes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu May 23 13:37:09 UTC 2024 on atb-devel-224

source3/utils/status.c
source3/utils/status.h
source3/utils/status_json.c

index d31a145451d639bd947a6e3bb3145a6499fa874c..02a5f6dbaba15613e1f635e8429fe96fd8705a48 100644 (file)
@@ -493,6 +493,8 @@ static int traverse_connections_stdout(struct traverse_state *state,
 
        if (encryption_degree == CRYPTO_DEGREE_FULL) {
                fstr_sprintf(encryption, "%s", encryption_cipher);
+       } else if (encryption_degree == CRYPTO_DEGREE_ANONYMOUS) {
+               fstr_sprintf(encryption, "anonymous(%s)", encryption_cipher);
        } else if (encryption_degree == CRYPTO_DEGREE_PARTIAL) {
                fstr_sprintf(encryption, "partial(%s)", encryption_cipher);
        } else {
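Review bot: The `anonymous(%s)` string added here still embeds the cipher name, so a script or alert that matches the Encryption or Signing column on a cipher substring will keep counting these sessions as protected. Per the commit message the keys derive from a session key of 16 zero bytes, so it is worth stating that at the format site, e.g. `/* anonymous: keyed from an all-zero session key, offers no protection */`, and in the smbstatus documentation if that is not updated elsewhere in the series. The same applies to the signing branch in the next hunk and to both branches in traverse_sessionid_stdout. The if/else chain continues outside this hunk.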
@@ -500,6 +502,8 @@ static int traverse_connections_stdout(struct traverse_state *state,
        }
        if (signing_degree == CRYPTO_DEGREE_FULL) {
                fstr_sprintf(signing, "%s", signing_cipher);
+       } else if (signing_degree == CRYPTO_DEGREE_ANONYMOUS) {
+               fstr_sprintf(signing, "anonymous(%s)", signing_cipher);
        } else if (signing_degree == CRYPTO_DEGREE_PARTIAL) {
                fstr_sprintf(signing, "partial(%s)", signing_cipher);
        } else {
@@ -586,6 +590,11 @@ static int traverse_connections(const struct connections_data *crec,
                } else if (smbXsrv_is_partially_encrypted(crec->encryption_flags)) {
                        encryption_degree = CRYPTO_DEGREE_PARTIAL;
                }
+               if (encryption_degree != CRYPTO_DEGREE_NONE &&
+                   !crec->authenticated)
+               {
+                       encryption_degree = CRYPTO_DEGREE_ANONYMOUS;
+               }
        }
 
        if (smbXsrv_is_signed(crec->signing_flags) ||
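Review bot: The downgrade to CRYPTO_DEGREE_ANONYMOUS is open-coded four times (here, in the signing hunk that follows, and in both hunks of traverse_sessionid), with no comment on why an unauthenticated session overrides both the full and the partial classification. A small static helper would keep the rule and its rationale in one place, so a later change to the condition cannot miss one of the copies. The sketch assumes `authenticated` is a bool, which the hunk suggests but does not show. traverse_connections itself starts and ends outside the hunk.

```c
/*
 * Signing/encryption on an unauthenticated session is keyed from a
 * session key of 16 zero bytes, so report it as anonymous regardless
 * of whether the flags say full or partial.
 */
static enum crypto_degree crypto_degree_for_auth(enum crypto_degree degree,
						 bool authenticated)
{
	if (degree != CRYPTO_DEGREE_NONE && !authenticated) {
		return CRYPTO_DEGREE_ANONYMOUS;
	}
	return degree;
}

/* … unchanged: full/partial classification from crec->encryption_flags … */
		encryption_degree = crypto_degree_for_auth(encryption_degree,
							   crec->authenticated);
```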
@@ -613,6 +622,11 @@ static int traverse_connections(const struct connections_data *crec,
                } else if (smbXsrv_is_partially_signed(crec->signing_flags)) {
                        signing_degree = CRYPTO_DEGREE_PARTIAL;
                }
+               if (signing_degree != CRYPTO_DEGREE_NONE &&
+                   !crec->authenticated)
+               {
+                       signing_degree = CRYPTO_DEGREE_ANONYMOUS;
+               }
        }
 
        if (!state->json_output) {
@@ -655,6 +669,8 @@ static int traverse_sessionid_stdout(struct traverse_state *state,
 
        if (encryption_degree == CRYPTO_DEGREE_FULL) {
                fstr_sprintf(encryption, "%s", encryption_cipher);
+       } else if (encryption_degree == CRYPTO_DEGREE_ANONYMOUS) {
+               fstr_sprintf(encryption, "anonymous(%s)", encryption_cipher);
        } else if (encryption_degree == CRYPTO_DEGREE_PARTIAL) {
                fstr_sprintf(encryption, "partial(%s)", encryption_cipher);
        } else {
@@ -662,6 +678,8 @@ static int traverse_sessionid_stdout(struct traverse_state *state,
        }
        if (signing_degree == CRYPTO_DEGREE_FULL) {
                fstr_sprintf(signing, "%s", signing_cipher);
+       } else if (signing_degree == CRYPTO_DEGREE_ANONYMOUS) {
+               fstr_sprintf(signing, "anonymous(%s)", signing_cipher);
        } else if (signing_degree == CRYPTO_DEGREE_PARTIAL) {
                fstr_sprintf(signing, "partial(%s)", signing_cipher);
        } else {
@@ -796,6 +814,11 @@ static int traverse_sessionid(const char *key, struct sessionid *session,
                } else if (smbXsrv_is_partially_encrypted(session->encryption_flags)) {
                        encryption_degree = CRYPTO_DEGREE_PARTIAL;
                }
+               if (encryption_degree != CRYPTO_DEGREE_NONE &&
+                   !session->authenticated)
+               {
+                       encryption_degree = CRYPTO_DEGREE_ANONYMOUS;
+               }
        }
 
        if (smbXsrv_is_signed(session->signing_flags) ||
@@ -823,6 +846,11 @@ static int traverse_sessionid(const char *key, struct sessionid *session,
                } else if (smbXsrv_is_partially_signed(session->signing_flags)) {
                        signing_degree = CRYPTO_DEGREE_PARTIAL;
                }
+               if (signing_degree != CRYPTO_DEGREE_NONE &&
+                   !session->authenticated)
+               {
+                       signing_degree = CRYPTO_DEGREE_ANONYMOUS;
+               }
        }
 
 
index c08aba4c26245f5f3248a1c73fbd98f65ee44976..6674f0db54fe6a775a335e245a7a73c8f6d1bf48 100644 (file)
@@ -38,6 +38,7 @@ struct traverse_state {
 enum crypto_degree {
         CRYPTO_DEGREE_NONE,
         CRYPTO_DEGREE_PARTIAL,
+        CRYPTO_DEGREE_ANONYMOUS,
         CRYPTO_DEGREE_FULL
 };
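Review bot: Inserting CRYPTO_DEGREE_ANONYMOUS between PARTIAL and FULL makes it numerically greater than PARTIAL, although it denotes protection that has no value. The code visible in this commit compares only with `==` and `!=`, so nothing breaks today, but an ordered test such as `degree >= CRYPTO_DEGREE_PARTIAL` written later would treat anonymous sessions as at least partially protected. A comment on the enum would prevent that, for example `/* not ordered by strength: ANONYMOUS means keyed from an all-zero session key */`. The insertion also changes the numeric value of CRYPTO_DEGREE_FULL, which matters only if the value is stored or exchanged anywhere; nothing on this page suggests it is.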
 
index ee24a3b31d97f495c96289fbee8965d81e703324..f558c91dec71de1e817e825ef8e8ce921b9a313b 100644 (file)
@@ -258,6 +258,8 @@ static int add_crypto_to_json(struct json_object *parent_json,
 
        if (degree == CRYPTO_DEGREE_NONE) {
                degree_str = "none";
+       } else if (degree == CRYPTO_DEGREE_ANONYMOUS) {
+               degree_str = "anonymous";
        } else if (degree == CRYPTO_DEGREE_PARTIAL) {
                degree_str = "partial";
        } else {
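Review bot: The chain ends in a catch-all `else` whose body is outside the hunk; presumably it reports the full degree, so any enum value added later without a matching branch would be emitted under that label. Testing the last known value explicitly, `} else if (degree == CRYPTO_DEGREE_FULL) {`, and treating anything else as an error would make JSON consumers fail closed instead of reading an unknown degree as full protection. add_crypto_to_json continues past the end of the hunk.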