Changeset 1006 for branches/client-3.0/src

Timestamp:

Jan 15, 2017, 9:08:12 AM (9 years ago)

Author:

Paul Smedley

Message:

Add support for enabling/disabling encryption - fixes #289

Location:

branches/client-3.0/src

Files:

• ndpsmb.c (modified) (3 diffs)
• rc/rc.dlg (modified) (1 diff)
• rc/rc.h (modified) (1 diff)
• rc/rc.rc_ (modified) (2 diffs)
• smbwrp.c (modified) (3 diffs)
• smbwrp.h (modified) (1 diff)

branches/client-3.0/src/ndpsmb.c

@@ -112 +112 @@
         {ND_PROP_ULONG, 0, "KRB5SUPPORT", "0"},
         {ND_PROP_ULONG, 0, "NTLMv1SUPPORT", "0"},
+        {ND_PROP_ULONG, 0, "ENCRYPTIONSUPPORT", "0"},
         {ND_PROP_STRING, 0, NULL, NULL}
 };
@@ -368 +369 @@
         pRes->krb5support = 0;
         pRes->ntlmv1support = 0;
+        pRes->encryptionsupport = 0;
         pRes->pdc = NULL;
 
@@ -498 +500 @@
                 }
         }
-
+        t = 0;
+        rc = ph->fsphQueryUlongProperty (properties, "ENCRYPTIONSUPPORT", &t);
+        if (!rc)
+        {
+                if (t > 1)
+                {
+                        rc = ERROR_INVALID_PARAMETER;
+                }
+                else
+                {
+                        pRes->encryptionsupport = t;
+                }
+        }
         t = 0;
         rc = ph->fsphQueryUlongProperty (properties, "CTO", &t);

branches/client-3.0/src/rc/rc.dlg

@@ -30 +30 @@
                         WS_VISIBLE
         ENTRYFIELD      "", ENT_MASTER, 147, 60, 90, 8, ES_MARGIN
-        LTEXT           "Supports EA", LBL_EASUPPORT, 195, 130, 52, 10, 
+        LTEXT           "Supports EA", LBL_EASUPPORT, 190, 130, 52, 10, 
                         DT_WORDBREAK
         AUTOCHECKBOX    "", CHK_EASUPPORT, 180, 132, 10, 10, WS_GROUP
-        LTEXT           "Supports KRB5", LBL_KRB5SUPPORT, 195, 140, 52, 10, 
+        LTEXT           "Supports KRB5", LBL_KRB5SUPPORT, 190, 140, 52, 10, 
                         DT_WORDBREAK
         AUTOCHECKBOX    "", CHK_KRB5SUPPORT, 180, 142, 10, 10, WS_GROUP
-        LTEXT           "Support NTLMv1", LBL_NTLMv1SUPPORT, 195, 150, 52, 10, 
+        LTEXT           "Support NTLMv1", LBL_NTLMv1SUPPORT, 190, 150, 52, 10, 
                         DT_WORDBREAK
         AUTOCHECKBOX    "", CHK_NTLMv1SUPPORT, 180, 152, 10, 10, WS_GROUP
+        LTEXT           "Support Encryption", LBL_ENCRYPTIONSUPPORT, 190, 160, 58, 10, 
+                        DT_WORDBREAK
+        AUTOCHECKBOX    "", CHK_ENCRYPTIONSUPPORT, 180, 162, 10, 10, WS_GROUP
         PUSHBUTTON      "Cancel", DID_CANCEL, 7, 6, 56, 14
                         PRESPARAMS PP_FONTNAMESIZE, "9.WarpSans Bold"

branches/client-3.0/src/rc/rc.h

@@ -27 +27 @@
 #define LBL_NTLMv1SUPPORT               1030
 #define CHK_NTLMv1SUPPORT               1031
+#define LBL_ENCRYPTIONSUPPORT               1032
+#define CHK_ENCRYPTIONSUPPORT               1033
 #define LBL_CACHETIMEOUT        1014
 #define SPIN_CACHETIMEOUT       1015

branches/client-3.0/src/rc/rc.rc_

@@ -47 +47 @@
    "    master - name of master server or master workgroup\r\n"
    "    mastertype - 0 if 'master' is the name of master server, 1 if 'master' is the name of master workgroup\r\n"
+   "    encryption - 0 to not support encryption (default), 1 to support\r\n"
+   "    NTLMv1 auth support - 0 to not support NTLMv1 authentication (default), 1 to support\r\n"
+   "    krb5support - 0 to not support kerberos authentication, 1 to support\r\n"
    "    easupport - 0 to not support EA, 1 to support\r\n"
-   "    krb5support - 0 to not support kerberos authentication, 1 to support\r\n"
-   "    NTLMv1 auth support - 0 to not support NTLMv1 authentication (default), 1 to support\r\n"
    "\r\n"
 }
@@ -136 +137 @@
 RCDATA (DLG_ID + 13)
 {
+    CHK_ENCRYPTIONSUPPORT, PARMTYPE_INT, 0L, 1L, "encryptionsupport", "%d", 0L
+}
+
+RCDATA (DLG_ID + 14)
+{
     1
 }

branches/client-3.0/src/smbwrp.c

@@ -247 +247 @@
         int name_type= 0x20;
         int flags = 0;
+        int signing_state = SMB_SIGNING_DEFAULT;
         enum protocol_types protocol;
         const char *name = NULL;
@@ -263 +264 @@
         }
 
+        if (pRes->encryptionsupport) {
+                signing_state = SMB_SIGNING_REQUIRED;
+        }
+
         status = cli_connect_nb(
                 server, NULL, port, name_type, NULL,
-                SMB_SIGNING_DEFAULT, flags, &c);
+                signing_state, flags, &c);
 
         if (!NT_STATUS_IS_OK(status)) {
@@ -417 +422 @@
                 cli_shutdown(c);
                 return status;
+        }
+
+        if (pRes->encryptionsupport) {
+        debuglocal(4,"Attempting to force encryption\n");
+                status = cli_cm_force_encryption(c,
+                                        srv->username,
+                                        srv->password,
+                                        workgroup,
+                                        share);
+                if (!NT_STATUS_IS_OK(status)) {
+                        debuglocal(4,"cli_cm_force_encryption failed: %s\n", nt_errstr(status));
+                        cli_shutdown(c);
+                        return status;
+                }
+        debuglocal(4,"Forcing encryption succeeded!\n");
         }
 

branches/client-3.0/src/smbwrp.h

@@ -141 +141 @@
         int krb5support;
         int ntlmv1support;
+        int encryptionsupport;
         int cachetimeout;
         int cachedepth;