diff options
| author | Stefan Metzmacher <metze@samba.org> | 2021-09-08 15:10:14 +0200 |
|---|---|---|
| committer | Ralph Boehme <slow@samba.org> | 2021-09-08 16:37:07 +0000 |
| commit | 867c6ff9f3f28ab4bfa0cb1660889f3f5be0d111 (patch) | |
| tree | c4c16561e7075fbeddd19912394fc427c1feaa2c | |
| parent | 16e907f8415ed28e678112f22d1813f09da136f9 (diff) | |
| download | samba-867c6ff9f3f28ab4bfa0cb1660889f3f5be0d111.tar.gz | |
docs-xml: use upper case for "{client,server} smb3 {signing,encryption} algorithms" values
This matches what smbstatus prints out. Note there's also the removal of
an '-' in "hmac-sha-256" => HMAC-SHA256".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14825
RN: "{client,server} smb3 {signing,encryption} algorithms" should use the same strings as smbstatus output
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Sep 8 16:37:07 UTC 2021 on sn-devel-184
| -rw-r--r-- | docs-xml/smbdotconf/security/clientsmbencryptionalgos.xml | 8 | ||||
| -rw-r--r-- | docs-xml/smbdotconf/security/clientsmbsigningalgos.xml | 10 | ||||
| -rw-r--r-- | docs-xml/smbdotconf/security/serversmbencryptionalgos.xml | 8 | ||||
| -rw-r--r-- | docs-xml/smbdotconf/security/serversmbsigningalgos.xml | 10 | ||||
| -rw-r--r-- | lib/param/loadparm.h | 4 | ||||
| -rw-r--r-- | libcli/smb/util.c | 14 |
6 files changed, 27 insertions, 27 deletions
diff --git a/docs-xml/smbdotconf/security/clientsmbencryptionalgos.xml b/docs-xml/smbdotconf/security/clientsmbencryptionalgos.xml index 27da51ad625..78df3f909e9 100644 --- a/docs-xml/smbdotconf/security/clientsmbencryptionalgos.xml +++ b/docs-xml/smbdotconf/security/clientsmbencryptionalgos.xml @@ -9,13 +9,13 @@ <para>It is also possible to remove individual algorithms from the default list, by prefixing them with '-'. This can avoid having to specify a hardcoded list. </para> - <para>Note: that the removal of aes-128-ccm from the list will result + <para>Note: that the removal of AES-128-CCM from the list will result in SMB3_00 and SMB3_02 being unavailable, as it is the default and only available algorithm for these dialects. </para> </description> -<value type="default">aes-128-gcm, aes-128-ccm, aes-256-gcm, aes-256-ccm</value> -<value type="example">aes-256-gcm</value> -<value type="example">-aes-128-gcm -aes-128-ccm</value> +<value type="default">AES-128-GCM, AES-128-CCM, AES-256-GCM, AES-256-CCM</value> +<value type="example">AES-256-GCM</value> +<value type="example">-AES-128-GCM -AES-128-CCM</value> </samba:parameter> diff --git a/docs-xml/smbdotconf/security/clientsmbsigningalgos.xml b/docs-xml/smbdotconf/security/clientsmbsigningalgos.xml index 1ad6c09626f..f7c61f3e661 100644 --- a/docs-xml/smbdotconf/security/clientsmbsigningalgos.xml +++ b/docs-xml/smbdotconf/security/clientsmbsigningalgos.xml @@ -9,14 +9,14 @@ <para>It is also possible to remove individual algorithms from the default list, by prefixing them with '-'. This can avoid having to specify a hardcoded list. </para> - <para>Note: that the removal of aes-128-cmac from the list will result - in SMB3_00 and SMB3_02 being unavailable, and the removal od hmac-sha-256 + <para>Note: that the removal of AES-128-CMAC from the list will result + in SMB3_00 and SMB3_02 being unavailable, and the removal of HMAC-SHA256 will result in SMB2_02 and SMB2_10 being unavailable, as these are the default and only available algorithms for these dialects. </para> </description> -<value type="default">aes-128-gmac, aes-128-cmac, hmac-sha-256</value> -<value type="example">aes-128-cmac, hmac-sha-256</value> -<value type="example">-aes-128-cmac</value> +<value type="default">AES-128-GMAC, AES-128-CMAC, HMAC-SHA256</value> +<value type="example">AES-128-CMAC, HMAC-SHA256</value> +<value type="example">-AES-128-CMAC</value> </samba:parameter> diff --git a/docs-xml/smbdotconf/security/serversmbencryptionalgos.xml b/docs-xml/smbdotconf/security/serversmbencryptionalgos.xml index 3217970d4e7..2dd2db98cc5 100644 --- a/docs-xml/smbdotconf/security/serversmbencryptionalgos.xml +++ b/docs-xml/smbdotconf/security/serversmbencryptionalgos.xml @@ -9,13 +9,13 @@ <para>It is also possible to remove individual algorithms from the default list, by prefixing them with '-'. This can avoid having to specify a hardcoded list. </para> - <para>Note: that the removal of aes-128-ccm from the list will result + <para>Note: that the removal of AES-128-CCM from the list will result in SMB3_00 and SMB3_02 being unavailable, as it is the default and only available algorithm for these dialects. </para> </description> -<value type="default">aes-128-gcm, aes-128-ccm, aes-256-gcm, aes-256-ccm</value> -<value type="example">aes-256-gcm</value> -<value type="example">-aes-128-gcm -aes-128-ccm</value> +<value type="default">AES-128-GCM, AES-128-CCM, AES-256-GCM, AES-256-CCM</value> +<value type="example">AES-256-GCM</value> +<value type="example">-AES-128-GCM -AES-128-CCM</value> </samba:parameter> diff --git a/docs-xml/smbdotconf/security/serversmbsigningalgos.xml b/docs-xml/smbdotconf/security/serversmbsigningalgos.xml index e73d4f04242..7884e603b5b 100644 --- a/docs-xml/smbdotconf/security/serversmbsigningalgos.xml +++ b/docs-xml/smbdotconf/security/serversmbsigningalgos.xml @@ -9,14 +9,14 @@ <para>It is also possible to remove individual algorithms from the default list, by prefixing them with '-'. This can avoid having to specify a hardcoded list. </para> - <para>Note: that the removal of aes-128-cmac from the list will result - in SMB3_00 and SMB3_02 being unavailable, and the removal od hmac-sha-256 + <para>Note: that the removal of AES-128-CMAC from the list will result + in SMB3_00 and SMB3_02 being unavailable, and the removal of HMAC-SHA256 will result in SMB2_02 and SMB2_10 being unavailable, as these are the default and only available algorithms for these dialects. </para> </description> -<value type="default">aes-128-gmac, aes-128-cmac, hmac-sha-256</value> -<value type="example">aes-128-cmac, hmac-sha-256</value> -<value type="example">-aes-128-cmac</value> +<value type="default">AES-128-GMAC, AES-128-CMAC, HMAC-SHA256</value> +<value type="example">AES-128-CMAC, HMAC-SHA256</value> +<value type="example">-AES-128-CMAC</value> </samba:parameter> diff --git a/lib/param/loadparm.h b/lib/param/loadparm.h index a942eaf9472..a3331436229 100644 --- a/lib/param/loadparm.h +++ b/lib/param/loadparm.h @@ -285,8 +285,8 @@ enum samba_weak_crypto { #define DEFAULT_SMB2_MAX_TRANSACT (8*1024*1024) #define DEFAULT_SMB2_MAX_CREDITS 8192 -#define DEFAULT_SMB3_SIGNING_ALGORITHMS "aes-128-gmac aes-128-cmac hmac-sha-256" -#define DEFAULT_SMB3_ENCRYPTION_ALGORITHMS "aes-128-gcm aes-128-ccm aes-256-gcm aes-256-ccm" +#define DEFAULT_SMB3_SIGNING_ALGORITHMS "AES-128-GMAC AES-128-CMAC HMAC-SHA256" +#define DEFAULT_SMB3_ENCRYPTION_ALGORITHMS "AES-128-GCM AES-128-CCM AES-256-GCM AES-256-CCM" #define LOADPARM_EXTRA_LOCALS \ int usershare; \ diff --git a/libcli/smb/util.c b/libcli/smb/util.c index 061f478c92d..e1c0f124236 100644 --- a/libcli/smb/util.c +++ b/libcli/smb/util.c @@ -466,9 +466,9 @@ enum smb_encryption_setting smb_encryption_setting_translate(const char *str) } static const struct enum_list enum_smb3_signing_algorithms[] = { - {SMB2_SIGNING_AES128_GMAC, "aes-128-gmac"}, - {SMB2_SIGNING_AES128_CMAC, "aes-128-cmac"}, - {SMB2_SIGNING_HMAC_SHA256, "hmac-sha-256"}, + {SMB2_SIGNING_AES128_GMAC, "AES-128-GMAC"}, + {SMB2_SIGNING_AES128_CMAC, "AES-128-CMAC"}, + {SMB2_SIGNING_HMAC_SHA256, "HMAC-SHA256"}, {-1, NULL} }; @@ -488,10 +488,10 @@ const char *smb3_signing_algorithm_name(uint16_t algo) } static const struct enum_list enum_smb3_encryption_algorithms[] = { - {SMB2_ENCRYPTION_AES128_GCM, "aes-128-gcm"}, - {SMB2_ENCRYPTION_AES128_CCM, "aes-128-ccm"}, - {SMB2_ENCRYPTION_AES256_GCM, "aes-256-gcm"}, - {SMB2_ENCRYPTION_AES256_CCM, "aes-256-ccm"}, + {SMB2_ENCRYPTION_AES128_GCM, "AES-128-GCM"}, + {SMB2_ENCRYPTION_AES128_CCM, "AES-128-CCM"}, + {SMB2_ENCRYPTION_AES256_GCM, "AES-256-GCM"}, + {SMB2_ENCRYPTION_AES256_CCM, "AES-256-CCM"}, {-1, NULL} }; |