uint8_t *inbuf;
+ struct tevent_req *write_req;
+
struct {
/* Space for the header including the wct */
uint8_t hdr[HDR_VWV];
conn->desire_signing = false;
conn->mandatory_signing = false;
break;
+ case SMB_SIGNING_DESIRED:
+ /* if the server desires it */
+ conn->allow_signing = true;
+ conn->desire_signing = true;
+ conn->mandatory_signing = false;
+ break;
case SMB_SIGNING_REQUIRED:
/* always */
conn->allow_signing = true;
size_t num_pending = talloc_array_length(conn->pending);
size_t i;
+ TALLOC_FREE(state->write_req);
+
if (state->smb1.mid != 0) {
/*
* This is a [nt]trans[2] request which waits
tevent_req_data(req,
struct smbXcli_req_state);
+ TALLOC_FREE(state->write_req);
+
switch (req_state) {
case TEVENT_REQ_RECEIVED:
/*
return NT_STATUS_NO_MEMORY;
}
tevent_req_set_callback(subreq, smb1cli_req_writev_done, req);
+ state->write_req = subreq;
+
return NT_STATUS_OK;
}
ssize_t nwritten;
int err;
+ state->write_req = NULL;
+
nwritten = writev_recv(subreq, &err);
TALLOC_FREE(subreq);
if (nwritten == -1) {
return NT_STATUS_NO_MEMORY;
}
tevent_req_set_callback(subreq, smb2cli_req_writev_done, reqs[0]);
+ state->write_req = subreq;
+
return NT_STATUS_OK;
}
ssize_t nwritten;
int err;
+ state->write_req = NULL;
+
nwritten = writev_recv(subreq, &err);
TALLOC_FREE(subreq);
if (nwritten == -1) {
}
SSVAL(p, 0, 2); /* ChiperCount */
- SSVAL(p, 2, SMB2_ENCRYPTION_AES128_GCM);
- SSVAL(p, 4, SMB2_ENCRYPTION_AES128_CCM);
+ /*
+ * For now we preferr CCM because our implementation
+ * is faster than GCM, see bug #11451.
+ */
+ SSVAL(p, 2, SMB2_ENCRYPTION_AES128_CCM);
+ SSVAL(p, 4, SMB2_ENCRYPTION_AES128_GCM);
b = data_blob_const(p, 6);
status = smb2_negotiate_context_add(state, &c,
if (conn->mandatory_signing) {
security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
}
+ if (session->smb2->should_sign) {
+ security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
+ }
return security_mode;
}
NTSTATUS smb2cli_session_encryption_on(struct smbXcli_session *session)
{
+ if (!session->smb2->should_sign) {
+ /*
+ * We need required signing on the session
+ * in order to prevent man in the middle attacks.
+ */
+ return NT_STATUS_INVALID_PARAMETER_MIX;
+ }
+
if (session->smb2->should_encrypt) {
return NT_STATUS_OK;
}
return tcon->smb2.capabilities;
}
+uint32_t smb2cli_tcon_flags(struct smbXcli_tcon *tcon)
+{
+ return tcon->smb2.flags;
+}
+
void smb2cli_tcon_set_values(struct smbXcli_tcon *tcon,
struct smbXcli_session *session,
uint32_t tcon_id,