diff options
Diffstat (limited to 'source4')
-rw-r--r-- | source4/smb_server/smb/signing.c | 41 |
1 files changed, 3 insertions, 38 deletions
diff --git a/source4/smb_server/smb/signing.c b/source4/smb_server/smb/signing.c index d632e87ea7b..3fe7cff94fd 100644 --- a/source4/smb_server/smb/signing.c +++ b/source4/smb_server/smb/signing.c @@ -77,49 +77,14 @@ bool smbsrv_setup_signing(struct smbsrv_connection *smb_conn, bool smbsrv_init_signing(struct smbsrv_connection *smb_conn) { - enum smb_signing_setting signing_setting; - smb_conn->signing.mac_key = data_blob(NULL, 0); if (!smbcli_set_signing_off(&smb_conn->signing)) { return false; } - signing_setting = lpcfg_server_signing(smb_conn->lp_ctx); - if (signing_setting == SMB_SIGNING_DEFAULT) { - /* - * If we are a domain controller, SMB signing is - * really important, as it can prevent a number of - * attacks on communications between us and the - * clients - * - * However, it really sucks (no sendfile, CPU - * overhead) performance-wise when used on a - * file server, so disable it by default - * on non-DCs - */ - - if (lpcfg_server_role(smb_conn->lp_ctx) >= ROLE_ACTIVE_DIRECTORY_DC) { - signing_setting = SMB_SIGNING_REQUIRED; - } else { - signing_setting = SMB_SIGNING_OFF; - } - } - - switch (signing_setting) { - case SMB_SIGNING_DEFAULT: - smb_panic(__location__); - break; - case SMB_SIGNING_OFF: - smb_conn->signing.allow_smb_signing = false; - break; - case SMB_SIGNING_IF_REQUIRED: - smb_conn->signing.allow_smb_signing = true; - break; - case SMB_SIGNING_REQUIRED: - smb_conn->signing.allow_smb_signing = true; - smb_conn->signing.mandatory_signing = true; - break; - } + smb_conn->signing.allow_smb_signing + = lpcfg_server_signing_allowed(smb_conn->lp_ctx, + &smb_conn->signing.mandatory_signing); return true; } |