diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2013-10-14 13:45:42 +1300 |
|---|---|---|
| committer | David Disseldorp <ddiss@samba.org> | 2013-11-22 13:13:03 +0100 |
| commit | e665fc394074e5aebc22baa4aa1d8d45077ce37d (patch) | |
| tree | 498f64c40723a7851aff5702b0e5a1d156228827 /source4/smb_server | |
| parent | 000172a5ab7e4bfac7ef618d0d78ec7fe95d0e2a (diff) | |
| download | samba-e665fc394074e5aebc22baa4aa1d8d45077ce37d.tar.gz | |
lib/param: Consolidate code to enable smb signing on the server, always enable on AD DC
This uses the code from the source4/ SMB server (the NTVFS smb server)
in common, to force SMB Signing to be on when we are an AD DC.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Fri Nov 22 13:13:05 CET 2013 on sn-devel-104
Diffstat (limited to 'source4/smb_server')
| -rw-r--r-- | source4/smb_server/smb/signing.c | 41 |
1 files changed, 3 insertions, 38 deletions
diff --git a/source4/smb_server/smb/signing.c b/source4/smb_server/smb/signing.c index d632e87ea7b..3fe7cff94fd 100644 --- a/source4/smb_server/smb/signing.c +++ b/source4/smb_server/smb/signing.c @@ -77,49 +77,14 @@ bool smbsrv_setup_signing(struct smbsrv_connection *smb_conn, bool smbsrv_init_signing(struct smbsrv_connection *smb_conn) { - enum smb_signing_setting signing_setting; - smb_conn->signing.mac_key = data_blob(NULL, 0); if (!smbcli_set_signing_off(&smb_conn->signing)) { return false; } - signing_setting = lpcfg_server_signing(smb_conn->lp_ctx); - if (signing_setting == SMB_SIGNING_DEFAULT) { - /* - * If we are a domain controller, SMB signing is - * really important, as it can prevent a number of - * attacks on communications between us and the - * clients - * - * However, it really sucks (no sendfile, CPU - * overhead) performance-wise when used on a - * file server, so disable it by default - * on non-DCs - */ - - if (lpcfg_server_role(smb_conn->lp_ctx) >= ROLE_ACTIVE_DIRECTORY_DC) { - signing_setting = SMB_SIGNING_REQUIRED; - } else { - signing_setting = SMB_SIGNING_OFF; - } - } - - switch (signing_setting) { - case SMB_SIGNING_DEFAULT: - smb_panic(__location__); - break; - case SMB_SIGNING_OFF: - smb_conn->signing.allow_smb_signing = false; - break; - case SMB_SIGNING_IF_REQUIRED: - smb_conn->signing.allow_smb_signing = true; - break; - case SMB_SIGNING_REQUIRED: - smb_conn->signing.allow_smb_signing = true; - smb_conn->signing.mandatory_signing = true; - break; - } + smb_conn->signing.allow_smb_signing + = lpcfg_server_signing_allowed(smb_conn->lp_ctx, + &smb_conn->signing.mandatory_signing); return true; } |