s3:client: make use of cli_smb1_setup_encryption() in cmd_posix_encrypt()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

diff --git a/source3/client/client.c b/source3/client/client.c
index cde9776db9a29c560508dab42e977a2fa4ff546c..226eb2775730601638e75c88fac5f1fbeb1fc5f0 100644 (file)
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -2535,35 +2535,53 @@ static int cmd_posix_encrypt(void)
 {
        TALLOC_CTX *ctx = talloc_tos();
        NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+       char *domain = NULL;
+       char *user = NULL;
+       char *password = NULL;
+       struct cli_credentials *creds = NULL;
+       struct cli_credentials *lcreds = NULL;
 
-       if (cli->use_kerberos) {
-               status = cli_gss_smb_encryption_start(cli);
-       } else {
-               char *domain = NULL;
-               char *user = NULL;
-               char *password = NULL;
+       if (next_token_talloc(ctx, &cmd_ptr, &domain, NULL)) {
 
-               if (!next_token_talloc(ctx, &cmd_ptr,&domain,NULL)) {
+               if (!next_token_talloc(ctx, &cmd_ptr, &user, NULL)) {
                        d_printf("posix_encrypt domain user password\n");
                        return 1;
                }
 
-               if (!next_token_talloc(ctx, &cmd_ptr,&user,NULL)) {
+               if (!next_token_talloc(ctx, &cmd_ptr, &password, NULL)) {
                        d_printf("posix_encrypt domain user password\n");
                        return 1;
                }
 
-               if (!next_token_talloc(ctx, &cmd_ptr,&password,NULL)) {
+               lcreds = cli_session_creds_init(ctx,
+                                               user,
+                                               domain,
+                                               NULL, /* realm */
+                                               password,
+                                               false, /* use_kerberos */
+                                               false, /* fallback_after_kerberos */
+                                               false, /* use_ccache */
+                                               false); /* password_is_nt_hash */
+               if (lcreds == NULL) {
+                       d_printf("cli_session_creds_init() failed.\n");
+                       return -1;
+               }
+               creds = lcreds;
+       } else {
+               bool auth_requested = false;
+
+               creds = get_cmdline_auth_info_creds(auth_info);
+
+               auth_requested = cli_credentials_authentication_requested(creds);
+               if (!auth_requested) {
                        d_printf("posix_encrypt domain user password\n");
                        return 1;
                }
-
-               status = cli_raw_ntlm_smb_encryption_start(cli,
-                                                       user,
-                                                       password,
-                                                       domain);
        }
 
+       status = cli_smb1_setup_encryption(cli, creds);
+       /* gensec currently references the creds so we can't free them here */
+       talloc_unlink(ctx, lcreds);
        if (!NT_STATUS_IS_OK(status)) {
                d_printf("posix_encrypt failed with error %s\n", nt_errstr(status));
        } else {