diff options
| author | Andreas Schneider <asn@samba.org> | 2020-08-19 11:34:02 +0200 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2021-04-28 03:43:34 +0000 |
| commit | 1cd233712e1a62d716a1d8b34ff3dca6a8f0f501 (patch) | |
| tree | 09c0136d56eb2083b9f13bad5ee2b7143fe0564b /lib/param | |
| parent | b2bad13ca3545ea451c7858dace56195d18c4827 (diff) | |
| download | samba-1cd233712e1a62d716a1d8b34ff3dca6a8f0f501.tar.gz | |
lib:param: Add 'client use kerberos' config parameter
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'lib/param')
| -rw-r--r-- | lib/param/loadparm.c | 14 | ||||
| -rw-r--r-- | lib/param/param_table.c | 12 |
2 files changed, 26 insertions, 0 deletions
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c index 6a4ae555759..7b0f652c069 100644 --- a/lib/param/loadparm.c +++ b/lib/param/loadparm.c @@ -74,6 +74,7 @@ #include "libcli/auth/ntlm_check.h" #include "lib/crypto/gnutls_helpers.h" #include "lib/util/smb_strtox.h" +#include "auth/credentials/credentials.h" #ifdef HAVE_HTTPCONNECTENCRYPT #include <cups/http.h> @@ -2947,6 +2948,10 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx) "client smb encrypt", "default"); + lpcfg_do_global_parameter(lp_ctx, + "client use kerberos", + "desired"); + for (i = 0; parm_table[i].label; i++) { if (!(lp_ctx->flags[i] & FLAG_CMDLINE)) { lp_ctx->flags[i] |= FLAG_DEFAULT; @@ -3383,6 +3388,15 @@ int lpcfg_client_ipc_signing(struct loadparm_context *lp_ctx) return client_ipc_signing; } +enum credentials_use_kerberos lpcfg_client_use_kerberos(struct loadparm_context *lp_ctx) +{ + if (lpcfg_weak_crypto(lp_ctx) == SAMBA_WEAK_CRYPTO_DISALLOWED) { + return CRED_USE_KERBEROS_REQUIRED; + } + + return lpcfg__client_use_kerberos(lp_ctx); +} + bool lpcfg_server_signing_allowed(struct loadparm_context *lp_ctx, bool *mandatory) { bool allowed = true; diff --git a/lib/param/param_table.c b/lib/param/param_table.c index e2f737279dc..b26f0738f09 100644 --- a/lib/param/param_table.c +++ b/lib/param/param_table.c @@ -35,6 +35,7 @@ #include "libcli/smb/smb_constants.h" #include "libds/common/roles.h" #include "source4/lib/tls/tls.h" +#include "auth/credentials/credentials.h" #ifndef N_ #define N_(x) x @@ -161,6 +162,17 @@ static const struct enum_list enum_smb_encryption_vals[] = { {-1, NULL} }; +static const struct enum_list enum_use_kerberos_vals[] = { + {CRED_USE_KERBEROS_DESIRED, "desired"}, + {CRED_USE_KERBEROS_DESIRED, "auto"}, + {CRED_USE_KERBEROS_REQUIRED, "yes"}, + {CRED_USE_KERBEROS_REQUIRED, "required"}, + {CRED_USE_KERBEROS_DISABLED, "no"}, + {CRED_USE_KERBEROS_DISABLED, "disabled"}, + {CRED_USE_KERBEROS_DISABLED, "off"}, + {-1, NULL} +}; + static const struct enum_list enum_mdns_name_values[] = { {MDNS_NAME_NETBIOS, "netbios"}, {MDNS_NAME_MDNS, "mdns"}, |