diff options
author | Andrew Tridgell <tridge@samba.org> | 2004-10-30 01:22:52 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:05:03 -0500 |
commit | ad8c4ae941047aa7409ff0d8d10de721f5ff0659 (patch) | |
tree | c322013370a69f6c6f1476da9e5fffe45f8d117c | |
parent | 08e30a51f8e75cb5bf9485ba847a9b3c1c7fb9b8 (diff) | |
download | samba-ad8c4ae941047aa7409ff0d8d10de721f5ff0659.tar.gz samba-ad8c4ae941047aa7409ff0d8d10de721f5ff0659.tar.bz2 samba-ad8c4ae941047aa7409ff0d8d10de721f5ff0659.zip |
r3380: - changed the default behaviour of server signing. We now have a default
setting of "server signing = auto", which means to offer signing
only if we have domain logons enabled (ie. we are a DC). This is a
better match for what windows clients want, as unfortunately windows
clients always use signing if it is offered, and when they use signing
they not only go slower because of the signing itself, they also
disable large readx/writex support, so they end up sending very small
IOs for.
- changed the default max xmit again, this time matching longhorn,
which uses 12288. That seems to be a fairly good compromise value.
(This used to be commit e63edc81716fefd58a3be25deb3b25e45471f196)
-rw-r--r-- | source4/include/smb.h | 3 | ||||
-rw-r--r-- | source4/libcli/raw/smb_signing.c | 1 | ||||
-rw-r--r-- | source4/param/loadparm.c | 10 | ||||
-rw-r--r-- | source4/smb_server/signing.c | 7 |
4 files changed, 15 insertions, 6 deletions
diff --git a/source4/include/smb.h b/source4/include/smb.h index ccb245ccdd..b36c2a8708 100644 --- a/source4/include/smb.h +++ b/source4/include/smb.h @@ -33,7 +33,8 @@ #define SMB_PORT2 139 #define SMB_PORTS "445 139" -enum smb_signing_state {SMB_SIGNING_OFF, SMB_SIGNING_SUPPORTED, SMB_SIGNING_REQUIRED}; +enum smb_signing_state {SMB_SIGNING_OFF, SMB_SIGNING_SUPPORTED, + SMB_SIGNING_REQUIRED, SMB_SIGNING_AUTO}; /* deny modes */ #define DENY_DOS 0 diff --git a/source4/libcli/raw/smb_signing.c b/source4/libcli/raw/smb_signing.c index e1d7b071f2..2a0c64f598 100644 --- a/source4/libcli/raw/smb_signing.c +++ b/source4/libcli/raw/smb_signing.c @@ -394,6 +394,7 @@ BOOL smbcli_init_signing(struct smbcli_transport *transport) transport->negotiate.sign_info.allow_smb_signing = False; break; case SMB_SIGNING_SUPPORTED: + case SMB_SIGNING_AUTO: transport->negotiate.sign_info.allow_smb_signing = True; break; case SMB_SIGNING_REQUIRED: diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c index 341b039aad..f8b90203e7 100644 --- a/source4/param/loadparm.c +++ b/source4/param/loadparm.c @@ -198,8 +198,8 @@ typedef struct BOOL bLanmanAuth; BOOL bNTLMAuth; BOOL bUseSpnego; - BOOL server_signing; - BOOL client_signing; + int server_signing; + int client_signing; BOOL bClientLanManAuth; BOOL bClientNTLMv2Auth; BOOL bHostMSDfs; @@ -456,12 +456,12 @@ static const struct enum_list enum_smb_signing_vals[] = { {SMB_SIGNING_SUPPORTED, "1"}, {SMB_SIGNING_SUPPORTED, "On"}, {SMB_SIGNING_SUPPORTED, "enabled"}, - {SMB_SIGNING_SUPPORTED, "auto"}, {SMB_SIGNING_REQUIRED, "required"}, {SMB_SIGNING_REQUIRED, "mandatory"}, {SMB_SIGNING_REQUIRED, "force"}, {SMB_SIGNING_REQUIRED, "forced"}, {SMB_SIGNING_REQUIRED, "enforced"}, + {SMB_SIGNING_AUTO, "auto"}, {-1, NULL} }; @@ -939,7 +939,7 @@ static void init_globals(void) do_parameter("load printers", "True"); do_parameter("max mux", "50"); - do_parameter("max xmit", "65535"); + do_parameter("max xmit", "12288"); do_parameter("lpqcachetime", "10"); do_parameter("DisableSpoolss", "False"); do_parameter("password level", "0"); @@ -1006,7 +1006,7 @@ static void init_globals(void) do_parameter("name cache timeout", "660"); /* In seconds */ do_parameter("client signing", "Yes"); - do_parameter("server signing", "Yes"); + do_parameter("server signing", "auto"); do_parameter("use spnego", "True"); diff --git a/source4/smb_server/signing.c b/source4/smb_server/signing.c index 5d18d44f4b..b3fac2fa70 100644 --- a/source4/smb_server/signing.c +++ b/source4/smb_server/signing.c @@ -110,6 +110,13 @@ BOOL srv_init_signing(struct smbsrv_connection *smb_conn) smb_conn->signing.allow_smb_signing = True; smb_conn->signing.mandatory_signing = True; break; + case SMB_SIGNING_AUTO: + if (lp_domain_logons()) { + smb_conn->signing.allow_smb_signing = True; + } else { + smb_conn->signing.allow_smb_signing = False; + } + break; } return True; } |