summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2004-10-30 01:22:52 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:05:03 -0500
commitad8c4ae941047aa7409ff0d8d10de721f5ff0659 (patch)
treec322013370a69f6c6f1476da9e5fffe45f8d117c
parent08e30a51f8e75cb5bf9485ba847a9b3c1c7fb9b8 (diff)
downloadsamba-ad8c4ae941047aa7409ff0d8d10de721f5ff0659.tar.gz
samba-ad8c4ae941047aa7409ff0d8d10de721f5ff0659.tar.bz2
samba-ad8c4ae941047aa7409ff0d8d10de721f5ff0659.zip
r3380: - changed the default behaviour of server signing. We now have a default
setting of "server signing = auto", which means to offer signing only if we have domain logons enabled (ie. we are a DC). This is a better match for what windows clients want, as unfortunately windows clients always use signing if it is offered, and when they use signing they not only go slower because of the signing itself, they also disable large readx/writex support, so they end up sending very small IOs for. - changed the default max xmit again, this time matching longhorn, which uses 12288. That seems to be a fairly good compromise value. (This used to be commit e63edc81716fefd58a3be25deb3b25e45471f196)
-rw-r--r--source4/include/smb.h3
-rw-r--r--source4/libcli/raw/smb_signing.c1
-rw-r--r--source4/param/loadparm.c10
-rw-r--r--source4/smb_server/signing.c7
4 files changed, 15 insertions, 6 deletions
diff --git a/source4/include/smb.h b/source4/include/smb.h
index ccb245ccdd..b36c2a8708 100644
--- a/source4/include/smb.h
+++ b/source4/include/smb.h
@@ -33,7 +33,8 @@
#define SMB_PORT2 139
#define SMB_PORTS "445 139"
-enum smb_signing_state {SMB_SIGNING_OFF, SMB_SIGNING_SUPPORTED, SMB_SIGNING_REQUIRED};
+enum smb_signing_state {SMB_SIGNING_OFF, SMB_SIGNING_SUPPORTED,
+ SMB_SIGNING_REQUIRED, SMB_SIGNING_AUTO};
/* deny modes */
#define DENY_DOS 0
diff --git a/source4/libcli/raw/smb_signing.c b/source4/libcli/raw/smb_signing.c
index e1d7b071f2..2a0c64f598 100644
--- a/source4/libcli/raw/smb_signing.c
+++ b/source4/libcli/raw/smb_signing.c
@@ -394,6 +394,7 @@ BOOL smbcli_init_signing(struct smbcli_transport *transport)
transport->negotiate.sign_info.allow_smb_signing = False;
break;
case SMB_SIGNING_SUPPORTED:
+ case SMB_SIGNING_AUTO:
transport->negotiate.sign_info.allow_smb_signing = True;
break;
case SMB_SIGNING_REQUIRED:
diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c
index 341b039aad..f8b90203e7 100644
--- a/source4/param/loadparm.c
+++ b/source4/param/loadparm.c
@@ -198,8 +198,8 @@ typedef struct
BOOL bLanmanAuth;
BOOL bNTLMAuth;
BOOL bUseSpnego;
- BOOL server_signing;
- BOOL client_signing;
+ int server_signing;
+ int client_signing;
BOOL bClientLanManAuth;
BOOL bClientNTLMv2Auth;
BOOL bHostMSDfs;
@@ -456,12 +456,12 @@ static const struct enum_list enum_smb_signing_vals[] = {
{SMB_SIGNING_SUPPORTED, "1"},
{SMB_SIGNING_SUPPORTED, "On"},
{SMB_SIGNING_SUPPORTED, "enabled"},
- {SMB_SIGNING_SUPPORTED, "auto"},
{SMB_SIGNING_REQUIRED, "required"},
{SMB_SIGNING_REQUIRED, "mandatory"},
{SMB_SIGNING_REQUIRED, "force"},
{SMB_SIGNING_REQUIRED, "forced"},
{SMB_SIGNING_REQUIRED, "enforced"},
+ {SMB_SIGNING_AUTO, "auto"},
{-1, NULL}
};
@@ -939,7 +939,7 @@ static void init_globals(void)
do_parameter("load printers", "True");
do_parameter("max mux", "50");
- do_parameter("max xmit", "65535");
+ do_parameter("max xmit", "12288");
do_parameter("lpqcachetime", "10");
do_parameter("DisableSpoolss", "False");
do_parameter("password level", "0");
@@ -1006,7 +1006,7 @@ static void init_globals(void)
do_parameter("name cache timeout", "660"); /* In seconds */
do_parameter("client signing", "Yes");
- do_parameter("server signing", "Yes");
+ do_parameter("server signing", "auto");
do_parameter("use spnego", "True");
diff --git a/source4/smb_server/signing.c b/source4/smb_server/signing.c
index 5d18d44f4b..b3fac2fa70 100644
--- a/source4/smb_server/signing.c
+++ b/source4/smb_server/signing.c
@@ -110,6 +110,13 @@ BOOL srv_init_signing(struct smbsrv_connection *smb_conn)
smb_conn->signing.allow_smb_signing = True;
smb_conn->signing.mandatory_signing = True;
break;
+ case SMB_SIGNING_AUTO:
+ if (lp_domain_logons()) {
+ smb_conn->signing.allow_smb_signing = True;
+ } else {
+ smb_conn->signing.allow_smb_signing = False;
+ }
+ break;
}
return True;
}