s3:libsmb: Remove force_encrypt from cli_check_msdfs_proxy()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
index 5503506de97f0ba4d1264be65507383ed9cc2be1..736c565a7a82105c760d42ba79557feed806350a 100644 (file)
--- a/source3/libsmb/clidfs.c
+++ b/source3/libsmb/clidfs.c
@@ -230,7 +230,7 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
        if (smbXcli_conn_dfs_supported(c->conn) &&
                        cli_check_msdfs_proxy(ctx, c, sharename,
                                &newserver, &newshare,
-                               force_encrypt, creds)) {
+                               creds)) {
                cli_shutdown(c);
                return do_connect(ctx, newserver,
                                newshare, auth_info,
@@ -1176,7 +1176,6 @@ bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
                                const char *sharename,
                                char **pp_newserver,
                                char **pp_newshare,
-                               bool force_encrypt,
                                struct cli_credentials *creds)
 {
        struct client_dfs_referral *refs = NULL;
@@ -1188,6 +1187,8 @@ bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
        char *newextrapath = NULL;
        NTSTATUS status;
        const char *remote_name;
+       enum smb_encryption_setting encryption_state =
+               cli_credentials_get_smb_encryption(creds);
 
        if (!cli || !sharename) {
                return false;
@@ -1223,11 +1224,17 @@ bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
                return false;
        }
 
-       if (force_encrypt) {
+       if (encryption_state >= SMB_ENCRYPTION_DESIRED) {
                status = cli_cm_force_encryption_creds(cli, creds, "IPC$");
                if (!NT_STATUS_IS_OK(status)) {
-                       cli_state_restore_tcon(cli, orig_tcon);
-                       return false;
+                       switch (encryption_state) {
+                       case SMB_ENCRYPTION_DESIRED:
+                               break;
+                       case SMB_ENCRYPTION_REQUIRED:
+                       default:
+                               cli_state_restore_tcon(cli, orig_tcon);
+                               return false;
+                       }
                }
        }
 

diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c
index eb58d7c6ac9419109f7c0b00bb5a6c6ec988f64c..5a1055ba773c4e693ea79aebbbc56a6753fc3dd1 100644 (file)
--- a/source3/libsmb/libsmb_server.c
+++ b/source3/libsmb/libsmb_server.c
@@ -587,10 +587,6 @@ SMBC_server_internal(TALLOC_CTX *ctx,
        if (smbXcli_conn_dfs_supported(c->conn) &&
                        cli_check_msdfs_proxy(ctx, c, share,
                                &newserver, &newshare,
-                               /* FIXME: cli_check_msdfs_proxy() does
-                                  not support smbc_smb_encrypt_level type */
-                               context->internal->smb_encryption_level ?
-                                       true : false,
                                creds)) {
                cli_shutdown(c);
                srv = SMBC_server_internal(ctx, context, connect_if_not_found,

diff --git a/source3/libsmb/proto.h b/source3/libsmb/proto.h
index 360a39b9a540b05d66cd240a57014196e5b67bfe..e636fc96f501a18ecc204b1bb598c89ec6714ed3 100644 (file)
--- a/source3/libsmb/proto.h
+++ b/source3/libsmb/proto.h
@@ -161,7 +161,6 @@ bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
                        const char *sharename,
                        char **pp_newserver,
                        char **pp_newshare,
-                       bool force_encrypt,
                        struct cli_credentials *creds);
 
 /* The following definitions come from libsmb/clientgen.c  */