authorAndreas Schneider <asn@samba.org>2019-11-04 17:15:14 +0100
committerAndrew Bartlett <abartlet@samba.org>2020-03-19 20:46:41 +0000
commit7d09c1cc8771d0822480f90b77b9f883d67b5658 (patch)
treeaced8159c0d357c578d25f465f37db033b9e2d22 /lib
parent3d1ecef173a372474c86d3fe8cd42c2f2e69185d (diff)
lib:param: Add lp(cfg)_weak_crypto()
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'lib')
-rw-r--r--lib/param/loadparm.c15
-rw-r--r--lib/param/loadparm.h10
-rw-r--r--lib/param/wscript_build2
3 files changed, 25 insertions, 2 deletions
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 611c1b240af..4bee921e3c7 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -72,6 +72,7 @@
#include "libds/common/roles.h"
#include "lib/util/samba_util.h"
#include "libcli/auth/ntlm_check.h"
+#include "lib/crypto/gnutls_helpers.h"
#ifdef HAVE_HTTPCONNECTENCRYPT
#include <cups/http.h>
@@ -96,6 +97,19 @@ int lpcfg_rpc_high_port(struct loadparm_context *lp_ctx)
return lp_ctx->globals->rpc_high_port;
}
+enum samba_weak_crypto lpcfg_weak_crypto(struct loadparm_context *lp_ctx)
+{
+ if (lp_ctx->globals->weak_crypto == SAMBA_WEAK_CRYPTO_UNKNOWN) {
+ lp_ctx->globals->weak_crypto = SAMBA_WEAK_CRYPTO_DISALLOWED;
+
+ if (samba_gnutls_weak_crypto_allowed()) {
+ lp_ctx->globals->weak_crypto = SAMBA_WEAK_CRYPTO_ALLOWED;
+ }
+ }
+
+ return lp_ctx->globals->weak_crypto;
+}
+
/**
* Convenience routine to grab string parameters into temporary memory
* and run standard_sub_basic on them.
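Review bot: lpcfg_weak_crypto() has no doc comment, and it is not a pure accessor: the first call writes the probe result into `lp_ctx->globals->weak_crypto` and every later call returns that cached value. I would add a comment above it such as `/* Returns whether weak crypto is permitted; probed once via samba_gnutls_weak_crypto_allowed() and cached in lp_ctx->globals. Never returns SAMBA_WEAK_CRYPTO_UNKNOWN. */`. The fail-closed order (set DISALLOWED first, then flip to ALLOWED only if the probe says so) is good and deserves a short why-comment so it is not reordered later. If the GnuTLS policy can change during the lifetime of the context (not visible from this hunk), the cached answer would go stale, so it is worth confirming that probing once per context is intended.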
@@ -2607,6 +2621,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
lp_ctx->globals->ctx = lp_ctx->globals;
lp_ctx->globals->rpc_low_port = SERVER_TCP_LOW_PORT;
lp_ctx->globals->rpc_high_port = SERVER_TCP_HIGH_PORT;
+ lp_ctx->globals->weak_crypto = SAMBA_WEAK_CRYPTO_UNKNOWN;
lp_ctx->sDefault = talloc_zero(lp_ctx, struct loadparm_service);
lp_ctx->flags = talloc_zero_array(lp_ctx, unsigned int, num_parameters());
diff --git a/lib/param/loadparm.h b/lib/param/loadparm.h
index 65ff62cc3b9..323fcf84523 100644
--- a/lib/param/loadparm.h
+++ b/lib/param/loadparm.h
@@ -255,6 +255,13 @@ enum spotlight_backend_options {
SPOTLIGHT_BACKEND_ES,
};
+/* FIPS values */
+enum samba_weak_crypto {
+ SAMBA_WEAK_CRYPTO_UNKNOWN,
+ SAMBA_WEAK_CRYPTO_ALLOWED,
+ SAMBA_WEAK_CRYPTO_DISALLOWED,
+};
+
/*
* Default passwd chat script.
*/
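Review bot: The comment `/* FIPS values */` on enum samba_weak_crypto does not say what the three states mean, or that SAMBA_WEAK_CRYPTO_UNKNOWN is a "not yet probed" sentinel and not a policy result. UNKNOWN is the first enumerator, so a zero-initialised globals struct starts in that state, and any code that reads the `weak_crypto` field added in the next hunk directly and tests `!= SAMBA_WEAK_CRYPTO_DISALLOWED` would treat an unprobed context as permitting weak algorithms. I would replace the comment with `/* Whether weak (non-FIPS) crypto may be used. UNKNOWN means not yet probed; read via lpcfg_weak_crypto() and compare against SAMBA_WEAK_CRYPTO_ALLOWED. */`.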
@@ -292,7 +299,8 @@ enum spotlight_backend_options {
struct parmlist_entry *param_opt; \
char *dnsdomain; \
int rpc_low_port; \
- int rpc_high_port;
+ int rpc_high_port; \
+ enum samba_weak_crypto weak_crypto;
const char* server_role_str(uint32_t role);
int lp_find_server_role(int server_role, int security, int domain_logons, int domain_master);
diff --git a/lib/param/wscript_build b/lib/param/wscript_build
index 20c8bcab22a..864975a5884 100644
--- a/lib/param/wscript_build
+++ b/lib/param/wscript_build
@@ -40,7 +40,7 @@ bld.SAMBA_LIBRARY('samba-hostconfig',
pc_files='samba-hostconfig.pc',
vnum='0.0.1',
deps='DYNCONFIG server-role tdb',
- public_deps='samba-util param_local.h',
+ public_deps='GNUTLS_HELPERS samba-util param_local.h',
public_headers='param.h',
autoproto='param_proto.h'
)