diff options
| author | Michael Adam <obnox@samba.org> | 2015-06-30 14:16:19 +0200 |
|---|---|---|
| committer | Karolin Seeger <kseeger@samba.org> | 2015-07-19 20:13:10 +0200 |
| commit | b615fb6cc5eed3320d635f6ca06c12cd408e89a1 (patch) | |
| tree | 244da6b09a2555c6f57d1669e3f07fc4f3700d6b | |
| parent | 0b97972bb1e31acbded8c8b674594441c1544269 (diff) | |
| download | samba-b615fb6cc5eed3320d635f6ca06c12cd408e89a1.tar.gz | |
Introduce setting "desired" for 'smb encrypt' and 'client/server signing'
This should trigger the behaviour where the server requires
signing when the client supports it, but does not reject
clients that don't support it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 204cbe3645c59b43175beeadad792b4a00e80da3)
| -rw-r--r-- | lib/param/param_table.c | 1 | ||||
| -rw-r--r-- | libcli/smb/smbXcli_base.c | 6 | ||||
| -rw-r--r-- | libcli/smb/smb_constants.h | 1 | ||||
| -rw-r--r-- | source4/smb_server/smb2/negprot.c | 1 |
4 files changed, 9 insertions, 0 deletions
diff --git a/lib/param/param_table.c b/lib/param/param_table.c index d590bd11e45..aa1696990bc 100644 --- a/lib/param/param_table.c +++ b/lib/param/param_table.c @@ -101,6 +101,7 @@ static const struct enum_list enum_smb_signing_vals[] = { {SMB_SIGNING_IF_REQUIRED, "On"}, {SMB_SIGNING_IF_REQUIRED, "enabled"}, {SMB_SIGNING_IF_REQUIRED, "auto"}, + {SMB_SIGNING_DESIRED, "desired"}, {SMB_SIGNING_REQUIRED, "required"}, {SMB_SIGNING_REQUIRED, "mandatory"}, {SMB_SIGNING_REQUIRED, "force"}, diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c index 0c6a6d29476..5063e591784 100644 --- a/libcli/smb/smbXcli_base.c +++ b/libcli/smb/smbXcli_base.c @@ -354,6 +354,12 @@ struct smbXcli_conn *smbXcli_conn_create(TALLOC_CTX *mem_ctx, conn->desire_signing = false; conn->mandatory_signing = false; break; + case SMB_SIGNING_DESIRED: + /* if the server desires it */ + conn->allow_signing = true; + conn->desire_signing = true; + conn->mandatory_signing = false; + break; case SMB_SIGNING_REQUIRED: /* always */ conn->allow_signing = true; diff --git a/libcli/smb/smb_constants.h b/libcli/smb/smb_constants.h index 175ffafc4d1..6dbaa288e2e 100644 --- a/libcli/smb/smb_constants.h +++ b/libcli/smb/smb_constants.h @@ -94,6 +94,7 @@ enum smb_signing_setting { SMB_SIGNING_DEFAULT = -1, SMB_SIGNING_OFF = 0, SMB_SIGNING_IF_REQUIRED = 1, + SMB_SIGNING_DESIRED = 2, SMB_SIGNING_REQUIRED = 3, }; diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c index 83cae18bf31..6a8f6efc2df 100644 --- a/source4/smb_server/smb2/negprot.c +++ b/source4/smb_server/smb2/negprot.c @@ -150,6 +150,7 @@ static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2 case SMB_SIGNING_OFF: io->out.security_mode = 0; break; + case SMB_SIGNING_DESIRED: case SMB_SIGNING_IF_REQUIRED: io->out.security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED; break; |