[SCM] Samba Shared Repository - branch master updated
Isaac Boukris
iboukris at samba.org
Fri Nov 6 11:26:02 UTC 2020
The branch, master has been updated
via 604153525af Remove source4/scripting/devel/createtrust script
via cfaad16ff63 selftest: add a test for the CreateTrustedDomainRelax wrapper
via baf4e2930ee Use the new CreateTrustedDomainRelax()
via c2644032b49 Add CreateTrustedDomainRelax wrapper for fips mode
via a77551bea96 selftest: add a test for py dce transport_encrypted
via eba91f0dfa8 Add py binding for dcerpc_transport_encrypted
via 339bfcd67af Add dcerpc_transport_encrypted()
via f0f8de9d4a4 Add smb2cli_session_get_encryption_cipher()
from c2fcd83ed7b s4:libnet:py_net - free event context in dealloc fn
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 604153525afc892f57a1df710c41ffca275b0dd3
Author: Isaac Boukris <iboukris at gmail.com>
Date: Thu Nov 5 15:38:19 2020 +0200
Remove source4/scripting/devel/createtrust script
We now have the 'samba-tool domain trust' command.
Signed-off-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Isaac Boukris <iboukris at samba.org>
Autobuild-Date(master): Fri Nov 6 11:25:02 UTC 2020 on sn-devel-184
commit cfaad16ff632df83a881fe5d8ec498bab102c9c9
Author: Isaac Boukris <iboukris at gmail.com>
Date: Tue Sep 1 20:14:29 2020 +0300
selftest: add a test for the CreateTrustedDomainRelax wrapper
Originally copied from 'source4/scripting/devel/createtrust'
(had to drop the TRUST_AUTH_TYPE_VERSION part though, as it
fails against samba DC).
Signed-off-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit baf4e2930ee13b47c23c63c7e945fdc4444f0c69
Author: Isaac Boukris <iboukris at gmail.com>
Date: Thu Aug 20 12:49:17 2020 +0200
Use the new CreateTrustedDomainRelax()
Signed-off-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit c2644032b49b4160517a7c73634cebc54a76f827
Author: Isaac Boukris <iboukris at gmail.com>
Date: Thu Aug 20 12:47:12 2020 +0200
Add CreateTrustedDomainRelax wrapper for fips mode
Signed-off-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit a77551bea969ce73a3dc27384d94b4126bef04f7
Author: Isaac Boukris <iboukris at gmail.com>
Date: Thu Aug 20 12:44:08 2020 +0200
selftest: add a test for py dce transport_encrypted
Signed-off-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit eba91f0dfa8e3267689b4076302e257f4cecd63b
Author: Isaac Boukris <iboukris at gmail.com>
Date: Thu Aug 20 12:35:01 2020 +0200
Add py binding for dcerpc_transport_encrypted
Signed-off-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit 339bfcd67af2675d10287946d8f5dabba1022d57
Author: Isaac Boukris <iboukris at gmail.com>
Date: Thu Aug 20 12:18:21 2020 +0200
Add dcerpc_transport_encrypted()
Signed-off-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit f0f8de9d4a4e05445e427f00bb10eb34e1110a97
Author: Isaac Boukris <iboukris at gmail.com>
Date: Thu Aug 20 12:09:05 2020 +0200
Add smb2cli_session_get_encryption_cipher()
When 'session->smb2->should_encrypt' is true, the client MUST encrypt
all transport messages (see also MS-SMB2 3.2.4.1.8).
Signed-off-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
-----------------------------------------------------------------------
Summary of changes:
libcli/smb/smbXcli_base.c | 13 +++
libcli/smb/smbXcli_base.h | 1 +
python/samba/netcmd/domain.py | 57 +++--------
python/samba/tests/dcerpc/binding.py | 23 ++++-
python/samba/tests/dcerpc/createtrustrelax.py | 131 ++++++++++++++++++++++++++
python/samba/trust_utils.py | 62 ++++++++++++
selftest/knownfail.d/createtrustrelax_server | 1 +
source4/librpc/rpc/dcerpc.h | 2 +
source4/librpc/rpc/dcerpc_smb.c | 11 +++
source4/librpc/rpc/dcerpc_util.c | 13 +++
source4/librpc/rpc/pyrpc.c | 14 +++
source4/scripting/devel/createtrust | 125 ------------------------
source4/selftest/tests.py | 4 +
13 files changed, 287 insertions(+), 170 deletions(-)
create mode 100644 python/samba/tests/dcerpc/createtrustrelax.py
create mode 100644 python/samba/trust_utils.py
create mode 100644 selftest/knownfail.d/createtrustrelax_server
delete mode 100755 source4/scripting/devel/createtrust
Changeset truncated at 500 lines:
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 96726458676..3e020faca3c 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -6436,6 +6436,19 @@ NTSTATUS smb2cli_session_encryption_on(struct smbXcli_session *session)
return NT_STATUS_OK;
}
+uint16_t smb2cli_session_get_encryption_cipher(struct smbXcli_session *session)
+{
+ if (session->conn->protocol < PROTOCOL_SMB2_24) {
+ return 0;
+ }
+
+ if (!session->smb2->should_encrypt) {
+ return 0;
+ }
+
+ return session->conn->smb2.server.cipher;
+}
+
struct smbXcli_tcon *smbXcli_tcon_create(TALLOC_CTX *mem_ctx)
{
struct smbXcli_tcon *tcon;
diff --git a/libcli/smb/smbXcli_base.h b/libcli/smb/smbXcli_base.h
index 2afc7165cd9..db5f5d58799 100644
--- a/libcli/smb/smbXcli_base.h
+++ b/libcli/smb/smbXcli_base.h
@@ -518,6 +518,7 @@ NTSTATUS smb2cli_session_set_channel_key(struct smbXcli_session *session,
const DATA_BLOB channel_key,
const struct iovec *recv_iov);
NTSTATUS smb2cli_session_encryption_on(struct smbXcli_session *session);
+uint16_t smb2cli_session_get_encryption_cipher(struct smbXcli_session *session);
struct smbXcli_tcon *smbXcli_tcon_create(TALLOC_CTX *mem_ctx);
struct smbXcli_tcon *smbXcli_tcon_copy(TALLOC_CTX *mem_ctx,
diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index 5f08ddf6007..71dacf67a89 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -102,6 +102,7 @@ from samba.netcmd.pso import cmd_domain_passwordsettings_pso
from samba.netcmd.domain_backup import cmd_domain_backup
from samba.common import get_string
+from samba.trust_utils import CreateTrustedDomainRelax
string_version_to_constant = {
"2008_R2": DS_DOMAIN_FUNCTION_2008_R2,
@@ -2528,54 +2529,20 @@ class cmd_domain_trust_create(DomainTrustCommand):
return blob
- def generate_AuthInfoInternal(session_key, incoming=None, outgoing=None):
- confounder = [0] * 512
- for i in range(len(confounder)):
- confounder[i] = random.randint(0, 255)
-
- trustpass = drsblobs.trustDomainPasswords()
-
- trustpass.confounder = confounder
- trustpass.outgoing = outgoing
- trustpass.incoming = incoming
-
- trustpass_blob = ndr_pack(trustpass)
-
- encrypted_trustpass = arcfour_encrypt(session_key, trustpass_blob)
-
- auth_blob = lsa.DATA_BUF2()
- auth_blob.size = len(encrypted_trustpass)
- auth_blob.data = string_to_byte_array(encrypted_trustpass)
-
- auth_info = lsa.TrustDomainInfoAuthInfoInternal()
- auth_info.auth_blob = auth_blob
-
- return auth_info
-
update_time = samba.current_unix_time()
incoming_blob = generate_AuthInOutBlob(incoming_secret, update_time)
outgoing_blob = generate_AuthInOutBlob(outgoing_secret, update_time)
- local_tdo_handle = None
- remote_tdo_handle = None
-
- local_auth_info = generate_AuthInfoInternal(local_lsa.session_key,
- incoming=incoming_blob,
- outgoing=outgoing_blob)
- if remote_trust_info:
- remote_auth_info = generate_AuthInfoInternal(remote_lsa.session_key,
- incoming=outgoing_blob,
- outgoing=incoming_blob)
-
try:
if remote_trust_info:
self.outf.write("Creating remote TDO.\n")
current_request = {"location": "remote", "name": "CreateTrustedDomainEx2"}
- remote_tdo_handle = \
- remote_lsa.CreateTrustedDomainEx2(remote_policy,
- remote_trust_info,
- remote_auth_info,
- lsa.LSA_TRUSTED_DOMAIN_ALL_ACCESS)
+ remote_tdo_handle = CreateTrustedDomainRelax(remote_lsa,
+ remote_policy,
+ remote_trust_info,
+ lsa.LSA_TRUSTED_DOMAIN_ALL_ACCESS,
+ outgoing_blob,
+ incoming_blob)
self.outf.write("Remote TDO created.\n")
if enc_types:
self.outf.write("Setting supported encryption types on remote TDO.\n")
@@ -2586,10 +2553,12 @@ class cmd_domain_trust_create(DomainTrustCommand):
self.outf.write("Creating local TDO.\n")
current_request = {"location": "local", "name": "CreateTrustedDomainEx2"}
- local_tdo_handle = local_lsa.CreateTrustedDomainEx2(local_policy,
- local_trust_info,
- local_auth_info,
- lsa.LSA_TRUSTED_DOMAIN_ALL_ACCESS)
+ local_tdo_handle = CreateTrustedDomainRelax(local_lsa,
+ local_policy,
+ local_trust_info,
+ lsa.LSA_TRUSTED_DOMAIN_ALL_ACCESS,
+ incoming_blob,
+ outgoing_blob)
self.outf.write("Local TDO created\n")
if enc_types:
self.outf.write("Setting supported encryption types on local TDO.\n")
diff --git a/python/samba/tests/dcerpc/binding.py b/python/samba/tests/dcerpc/binding.py
index 8e0d6a5ef0a..24e4ac77d89 100644
--- a/python/samba/tests/dcerpc/binding.py
+++ b/python/samba/tests/dcerpc/binding.py
@@ -22,7 +22,7 @@ import samba.tests
from samba.tests import RpcInterfaceTestCase, TestCase
from samba.dcerpc import lsa
import samba.dcerpc.security as security
-from samba.credentials import Credentials, SMB_ENCRYPTION_REQUIRED
+from samba.credentials import Credentials, SMB_ENCRYPTION_REQUIRED, SMB_ENCRYPTION_OFF
from samba import NTSTATUSError
class RpcBindingTests(RpcInterfaceTestCase):
@@ -40,6 +40,26 @@ class RpcBindingTests(RpcInterfaceTestCase):
c.set_password(password)
return c
+ def test_smb3_dcerpc_no_encryption(self):
+ creds = self.get_user_creds()
+ creds.set_smb_encryption(SMB_ENCRYPTION_OFF)
+
+ lp = self.get_loadparm()
+ lp.set('client ipc max protocol', 'SMB3')
+ lp.set('client ipc min protocol', 'SMB3')
+
+ binding_string = ("ncacn_np:%s" % (samba.tests.env_get_var_value('SERVER')))
+ lsa_conn = lsa.lsarpc(binding_string, lp, creds)
+ self.assertFalse(lsa_conn.transport_encrypted())
+
+ objectAttr = lsa.ObjectAttribute()
+ objectAttr.sec_qos = lsa.QosInfo()
+
+ pol_handle = lsa_conn.OpenPolicy2('',
+ objectAttr,
+ security.SEC_FLAG_MAXIMUM_ALLOWED)
+ self.assertIsNotNone(pol_handle)
+
def test_smb3_dcerpc_encryption(self):
creds = self.get_user_creds()
creds.set_smb_encryption(SMB_ENCRYPTION_REQUIRED)
@@ -50,6 +70,7 @@ class RpcBindingTests(RpcInterfaceTestCase):
binding_string = ("ncacn_np:%s" % (samba.tests.env_get_var_value('SERVER')))
lsa_conn = lsa.lsarpc(binding_string, lp, creds)
+ self.assertTrue(lsa_conn.transport_encrypted())
objectAttr = lsa.ObjectAttribute()
objectAttr.sec_qos = lsa.QosInfo()
diff --git a/python/samba/tests/dcerpc/createtrustrelax.py b/python/samba/tests/dcerpc/createtrustrelax.py
new file mode 100644
index 00000000000..48beb0f9680
--- /dev/null
+++ b/python/samba/tests/dcerpc/createtrustrelax.py
@@ -0,0 +1,131 @@
+# Unix SMB/CIFS implementation.
+#
+# Copyright (C) Andrew Bartlett 2011
+# Copyright (C) Isaac Boukris 2020
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+"""Tests for the CreateTrustedDomainRelax wrapper"""
+
+import os
+import samba
+from samba.tests import TestCase
+from samba.dcerpc import lsa, security, drsblobs
+from samba.credentials import Credentials, SMB_ENCRYPTION_REQUIRED, SMB_ENCRYPTION_OFF
+from samba.trust_utils import CreateTrustedDomainRelax
+
+class CreateTrustedDomainRelaxTest(TestCase):
+ def setUp(self):
+ super(CreateTrustedDomainRelaxTest, self).setUp()
+
+ def get_user_creds(self):
+ c = Credentials()
+ c.guess()
+ domain = samba.tests.env_get_var_value('DOMAIN')
+ username = samba.tests.env_get_var_value('USERNAME')
+ password = samba.tests.env_get_var_value('PASSWORD')
+ c.set_domain(domain)
+ c.set_username(username)
+ c.set_password(password)
+ return c
+
+ def _create_trust_relax(self, smbencrypt=True):
+ creds = self.get_user_creds()
+
+ if smbencrypt:
+ creds.set_smb_encryption(SMB_ENCRYPTION_REQUIRED)
+ else:
+ creds.set_smb_encryption(SMB_ENCRYPTION_OFF)
+
+ lp = self.get_loadparm()
+
+ binding_string = ("ncacn_np:%s" % (samba.tests.env_get_var_value('SERVER')))
+ lsa_conn = lsa.lsarpc(binding_string, lp, creds)
+
+ if smbencrypt:
+ self.assertTrue(lsa_conn.transport_encrypted())
+ else:
+ self.assertFalse(lsa_conn.transport_encrypted())
+
+ objectAttr = lsa.ObjectAttribute()
+ objectAttr.sec_qos = lsa.QosInfo()
+
+ pol_handle = lsa_conn.OpenPolicy2('',
+ objectAttr,
+ security.SEC_FLAG_MAXIMUM_ALLOWED)
+ self.assertIsNotNone(pol_handle)
+
+ name = lsa.String()
+ name.string = "tests.samba.example.com"
+ try:
+ info = lsa_conn.QueryTrustedDomainInfoByName(pol_handle, name,
+ lsa.LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)
+
+ lsa_conn.DeleteTrustedDomain(pol_handle, info.info_ex.sid)
+ except RuntimeError:
+ pass
+
+ info = lsa.TrustDomainInfoInfoEx()
+ info.domain_name.string = name.string
+ info.netbios_name.string = "createtrustrelax"
+ info.sid = security.dom_sid("S-1-5-21-538490383-3740119673-95748416")
+ info.trust_direction = lsa.LSA_TRUST_DIRECTION_INBOUND | lsa.LSA_TRUST_DIRECTION_OUTBOUND
+ info.trust_type = lsa.LSA_TRUST_TYPE_UPLEVEL
+ info.trust_attributes = lsa.LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
+
+ password_blob = samba.string_to_byte_array("password".encode('utf-16-le'))
+
+ clear_value = drsblobs.AuthInfoClear()
+ clear_value.size = len(password_blob)
+ clear_value.password = password_blob
+
+ clear_authentication_information = drsblobs.AuthenticationInformation()
+ clear_authentication_information.LastUpdateTime = 0
+ clear_authentication_information.AuthType = lsa.TRUST_AUTH_TYPE_CLEAR
+ clear_authentication_information.AuthInfo = clear_value
+
+ authentication_information_array = drsblobs.AuthenticationInformationArray()
+ authentication_information_array.count = 1
+ authentication_information_array.array = [clear_authentication_information]
+
+ outgoing = drsblobs.trustAuthInOutBlob()
+ outgoing.count = 1
+ outgoing.current = authentication_information_array
+
+ trustdom_handle = None
+ try:
+ trustdom_handle = CreateTrustedDomainRelax(lsa_conn,
+ pol_handle,
+ info,
+ security.SEC_STD_DELETE,
+ outgoing,
+ outgoing)
+ except samba.NTSTATUSError as nt:
+ raise AssertionError(nt)
+ except OSError as e:
+ if smbencrypt:
+ raise AssertionError(e)
+
+ if smbencrypt:
+ self.assertIsNotNone(trustdom_handle)
+ lsa_conn.DeleteTrustedDomain(pol_handle, info.sid)
+ else:
+ self.assertIsNone(trustdom_handle)
+
+ def test_create_trust_relax_encrypt(self):
+ self._create_trust_relax(True)
+
+ def test_create_trust_relax_no_enc(self):
+ self._create_trust_relax(False)
diff --git a/python/samba/trust_utils.py b/python/samba/trust_utils.py
new file mode 100644
index 00000000000..b4df0fa5bb8
--- /dev/null
+++ b/python/samba/trust_utils.py
@@ -0,0 +1,62 @@
+# trust utils
+#
+# Copyright Isaac Boukris 2020
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+
+from samba.dcerpc import lsa, drsblobs
+from samba.ndr import ndr_pack
+from samba import arcfour_encrypt, string_to_byte_array
+import random
+from samba import crypto
+
+def CreateTrustedDomainRelax(lsaconn, policy, trust_info, mask, in_blob, out_blob):
+
+ def generate_AuthInfoInternal(session_key, incoming=None, outgoing=None):
+ confounder = [0] * 512
+ for i in range(len(confounder)):
+ confounder[i] = random.randint(0, 255)
+
+ trustpass = drsblobs.trustDomainPasswords()
+
+ trustpass.confounder = confounder
+ trustpass.outgoing = outgoing
+ trustpass.incoming = incoming
+
+ trustpass_blob = ndr_pack(trustpass)
+
+ encrypted_trustpass = arcfour_encrypt(session_key, trustpass_blob)
+
+ auth_blob = lsa.DATA_BUF2()
+ auth_blob.size = len(encrypted_trustpass)
+ auth_blob.data = string_to_byte_array(encrypted_trustpass)
+
+ auth_info = lsa.TrustDomainInfoAuthInfoInternal()
+ auth_info.auth_blob = auth_blob
+
+ return auth_info
+
+ session_key = lsaconn.session_key
+
+ try:
+ if lsaconn.transport_encrypted():
+ crypto.set_relax_mode()
+ auth_info = generate_AuthInfoInternal(session_key,
+ incoming=in_blob,
+ outgoing=out_blob)
+ finally:
+ crypto.set_strict_mode()
+
+ return lsaconn.CreateTrustedDomainEx2(policy, trust_info, auth_info, mask)
diff --git a/selftest/knownfail.d/createtrustrelax_server b/selftest/knownfail.d/createtrustrelax_server
new file mode 100644
index 00000000000..80effda8343
--- /dev/null
+++ b/selftest/knownfail.d/createtrustrelax_server
@@ -0,0 +1 @@
+^samba.tests.dcerpc.createtrustrelax.samba.tests.dcerpc.createtrustrelax.CreateTrustedDomainRelaxTest.test_create_trust_relax_encrypt\(ad_dc_fips\)
diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h
index 6b0b841d64d..57124f10778 100644
--- a/source4/librpc/rpc/dcerpc.h
+++ b/source4/librpc/rpc/dcerpc.h
@@ -87,6 +87,7 @@ struct dcecli_connection {
struct dcerpc_transport {
enum dcerpc_transport_t transport;
void *private_data;
+ bool encrypted;
struct tstream_context *stream;
/** to serialize write events */
@@ -181,6 +182,7 @@ NTSTATUS dcerpc_bind_auth_none(struct dcerpc_pipe *p,
const struct ndr_interface_table *table);
NTSTATUS dcerpc_fetch_session_key(struct dcerpc_pipe *p,
DATA_BLOB *session_key);
+bool dcerpc_transport_encrypted(struct dcerpc_pipe *p);
struct composite_context;
NTSTATUS dcerpc_secondary_connection_recv(struct composite_context *c,
struct dcerpc_pipe **p2);
diff --git a/source4/librpc/rpc/dcerpc_smb.c b/source4/librpc/rpc/dcerpc_smb.c
index 8719ff9821e..259de719928 100644
--- a/source4/librpc/rpc/dcerpc_smb.c
+++ b/source4/librpc/rpc/dcerpc_smb.c
@@ -147,6 +147,7 @@ static void dcerpc_pipe_open_smb_done(struct tevent_req *subreq)
struct dcerpc_pipe_open_smb_state);
struct composite_context *ctx = state->ctx;
struct dcecli_connection *c = state->c;
+ uint16_t enc_cipher;
ctx->status = tstream_smbXcli_np_open_recv(subreq,
state->smb,
@@ -175,6 +176,16 @@ static void dcerpc_pipe_open_smb_done(struct tevent_req *subreq)
/* Over-ride the default session key with the SMB session key */
c->security_state.session_key = smb_session_key;
+ enc_cipher = smb2cli_session_get_encryption_cipher(state->smb->session);
+ switch (enc_cipher) {
+ case SMB2_ENCRYPTION_AES128_CCM:
+ case SMB2_ENCRYPTION_AES128_GCM:
+ c->transport.encrypted = true;
+ break;
+ default:
+ c->transport.encrypted = false;
+ }
+
c->transport.private_data = talloc_move(c, &state->smb);
composite_done(ctx);
diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c
index bd79a072bc8..6ea27a8d9a3 100644
--- a/source4/librpc/rpc/dcerpc_util.c
+++ b/source4/librpc/rpc/dcerpc_util.c
@@ -743,6 +743,19 @@ _PUBLIC_ NTSTATUS dcerpc_fetch_session_key(struct dcerpc_pipe *p,
return NT_STATUS_OK;
}
+_PUBLIC_ bool dcerpc_transport_encrypted(struct dcerpc_pipe *p)
+{
+ if (p == NULL) {
+ return false;
+ }
+
+ if (p->conn == NULL) {
+ return false;
+ }
+
+ return p->conn->transport.encrypted;
+}
+
/*
create a secondary context from a primary connection
diff --git a/source4/librpc/rpc/pyrpc.c b/source4/librpc/rpc/pyrpc.c
index be914ed5f14..309a6d72e26 100644
--- a/source4/librpc/rpc/pyrpc.c
+++ b/source4/librpc/rpc/pyrpc.c
@@ -293,11 +293,25 @@ static PyObject *py_iface_request(PyObject *self, PyObject *args, PyObject *kwar
return ret;
}
+static PyObject *py_iface_transport_encrypted(PyObject *self)
+{
+ dcerpc_InterfaceObject *iface = (dcerpc_InterfaceObject *)self;
+
+ if (dcerpc_transport_encrypted(iface->pipe)) {
+ Py_RETURN_TRUE;
+ }
+
+ Py_RETURN_FALSE;
+}
+
static PyMethodDef dcerpc_interface_methods[] = {
{ "request", PY_DISCARD_FUNC_SIG(PyCFunction, py_iface_request),
METH_VARARGS|METH_KEYWORDS,
"S.request(opnum, data, object=None) -> data\n"
"Make a raw request" },
+ { "transport_encrypted", PY_DISCARD_FUNC_SIG(PyCFunction, py_iface_transport_encrypted),
+ METH_NOARGS,
+ "Check if the DCE transport is encrypted" },
{ NULL, NULL, 0, NULL },
};
diff --git a/source4/scripting/devel/createtrust b/source4/scripting/devel/createtrust
deleted file mode 100755
index 26b0d0dcb68..00000000000
--- a/source4/scripting/devel/createtrust
+++ /dev/null
@@ -1,125 +0,0 @@
-#!/usr/bin/env python3
-
-# create a domain trust
-
-import sys
--
Samba Shared Repository
More information about the samba-cvs
mailing list