From 1abae1c255c32c7da713e218c1c8b35f37c60c1c Mon Sep 17 00:00:00 2001
From: Jule Anger <janger@samba.org>
Date: Mon, 9 May 2022 10:11:38 +0200
Subject: [PATCH] smbstatus: add encryption and signing to connections

Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
---
 source3/utils/status.c            | 10 ++++++-
 source3/utils/status_json.c       | 57 ++++++++++++++++++++++++++++++++++++++-
 source3/utils/status_json.h       |  6 ++++-
 source3/utils/status_json_dummy.c |  6 ++++-
 4 files changed, 75 insertions(+), 4 deletions(-)

diff --git a/source3/utils/status.c b/source3/utils/status.c
index e428110fb12..0dfb8e9b25c 100644
--- a/source3/utils/status.c
+++ b/source3/utils/status.c
@@ -456,7 +456,9 @@ static int traverse_connections(const struct connections_data *crec,
 	char *timestr = NULL;
 	int result = 0;
 	const char *encryption = "-";
+	enum crypto_degree encryption_degree = CRYPTO_DEGREE_NONE;
 	const char *signing = "-";
+	enum crypto_degree signing_degree = CRYPTO_DEGREE_NONE;
 	struct traverse_state *state = (struct traverse_state *)private_data;
 
 	TALLOC_CTX *tmp_ctx = talloc_stackframe();
@@ -497,6 +499,7 @@ static int traverse_connections(const struct connections_data *crec,
 			result = -1;
 			break;
 		}
+		encryption_degree = CRYPTO_DEGREE_FULL;
 	}
 
 	if (smbXsrv_is_signed(crec->signing_flags)) {
@@ -518,6 +521,7 @@ static int traverse_connections(const struct connections_data *crec,
 			result = -1;
 			break;
 		}
+		signing_degree = CRYPTO_DEGREE_FULL;
 	}
 
 	if (!state->json_output) {
@@ -530,7 +534,11 @@ static int traverse_connections(const struct connections_data *crec,
 						     signing);
 	} else {
 		result = traverse_connections_json(state,
-						   crec);
+						   crec,
+						   encryption,
+						   encryption_degree,
+						   signing,
+						   signing_degree);
 	}
 
 	TALLOC_FREE(timestr);
diff --git a/source3/utils/status_json.c b/source3/utils/status_json.c
index 3f76cea3c7f..0eadd1a1867 100644
--- a/source3/utils/status_json.c
+++ b/source3/utils/status_json.c
@@ -126,8 +126,53 @@ int add_section_to_json(struct traverse_state *state,
 	return result;
 }
 
+static int add_crypto_to_json(struct json_object *parent_json,
+			      const char *key,
+			      const char *cipher,
+			      enum crypto_degree degree)
+{
+	struct json_object sub_json;
+	const char *degree_str;
+	int result;
+
+	if (degree == CRYPTO_DEGREE_NONE) {
+		degree_str = "none";
+	} else if (degree == CRYPTO_DEGREE_PARTIAL) {
+		degree_str = "partial";
+	} else {
+		degree_str = "full";
+	}
+
+	sub_json = json_new_object();
+	if (json_is_invalid(&sub_json)) {
+		goto failure;
+	}
+
+	result = json_add_string(&sub_json, "cipher", cipher);
+	if (result < 0) {
+		goto failure;
+	}
+	result = json_add_string(&sub_json, "degree", degree_str);
+	if (result < 0) {
+		goto failure;
+	}
+	result = json_add_object(parent_json, key, &sub_json);
+	if (result < 0) {
+		goto failure;
+	}
+
+	return 0;
+failure:
+	json_free(&sub_json);
+	return -1;
+}
+
 int traverse_connections_json(struct traverse_state *state,
-			      const struct connections_data *crec)
+			      const struct connections_data *crec,
+			      const char *encryption_cipher,
+			      enum crypto_degree encryption_degree,
+			      const char *signing_cipher,
+			      enum crypto_degree signing_degree)
 {
 	struct json_object sub_json;
 	struct json_object connections_json;
@@ -189,6 +234,16 @@ int traverse_connections_json(struct traverse_state *state,
 	if (result < 0) {
 		goto failure;
 	}
+	result = add_crypto_to_json(&sub_json, "encryption",
+				   encryption_cipher, encryption_degree);
+	if (result < 0) {
+		goto failure;
+	}
+	result = add_crypto_to_json(&sub_json, "signing",
+				   signing_cipher, signing_degree);
+	if (result < 0) {
+		goto failure;
+	}
 
 	result = json_add_object(&connections_json, tcon_id_str, &sub_json);
 	if (result < 0) {
diff --git a/source3/utils/status_json.h b/source3/utils/status_json.h
index d21f3e6da47..758fc8a6b98 100644
--- a/source3/utils/status_json.h
+++ b/source3/utils/status_json.h
@@ -28,6 +28,10 @@ int add_section_to_json(struct traverse_state *state,
 int add_general_information_to_json(struct traverse_state *state);
 
 int traverse_connections_json(struct traverse_state *state,
-			      const struct connections_data *crec);
+			      const struct connections_data *crec,
+			      const char *encryption_cipher,
+			      enum crypto_degree encryption_degree,
+			      const char *signing_cipher,
+			      enum crypto_degree signing_degree);
 
 #endif
diff --git a/source3/utils/status_json_dummy.c b/source3/utils/status_json_dummy.c
index ec341f42c4a..471d61cdffa 100644
--- a/source3/utils/status_json_dummy.c
+++ b/source3/utils/status_json_dummy.c
@@ -36,7 +36,11 @@ int add_general_information_to_json(struct traverse_state *state)
 }
 
 int traverse_connections_json(struct traverse_state *state,
-			      const struct connections_data *crec)
+			      const struct connections_data *crec,
+			      const char *encryption_cipher,
+			      enum crypto_degree encryption_degree,
+			      const char *signing_cipher,
+			      enum crypto_degree signing_degree)
 {
 	return 0;
 }
-- 
2.11.4.GIT