authorStefan Metzmacher <metze@samba.org>2011-11-02 18:03:24 +0100
committerStefan Metzmacher <metze@samba.org>2011-11-03 16:55:11 +0100
commit71959d5e1ff0e524877081268ea4028e9cbbf9ed (patch)
tree34f8207dbc445004d6b354b9cb3d3740ecfc68b5
parent908550f3c27c69d1a7f405a03bac86d985201670 (diff)
s4:smb_server: change the default for "server signing" to "default"
metze
-rw-r--r--lib/param/loadparm.c2
-rw-r--r--source4/smb_server/smb/signing.c5
-rw-r--r--source4/smb_server/smb2/negprot.c5
3 files changed, 9 insertions, 3 deletions
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 1048e69391..4216e09966 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -3382,7 +3382,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
lpcfg_do_global_parameter(lp_ctx, "idmap trusted only", "False");
lpcfg_do_global_parameter(lp_ctx, "client signing", "default");
- lpcfg_do_global_parameter(lp_ctx, "server signing", "auto");
+ lpcfg_do_global_parameter(lp_ctx, "server signing", "default");
lpcfg_do_global_parameter(lp_ctx, "use spnego", "True");
diff --git a/source4/smb_server/smb/signing.c b/source4/smb_server/smb/signing.c
index 3e08e219ec..a3c91f6639 100644
--- a/source4/smb_server/smb/signing.c
+++ b/source4/smb_server/smb/signing.c
@@ -85,7 +85,7 @@ bool smbsrv_init_signing(struct smbsrv_connection *smb_conn)
}
signing_setting = lpcfg_server_signing(smb_conn->lp_ctx);
- if (signing_setting == SMB_SIGNING_AUTO) {
+ if (signing_setting == SMB_SIGNING_DEFAULT) {
/*
* If we are a domain controller, SMB signing is
* really important, as it can prevent a number of
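Review bot: With the role-based fallback now keyed on `SMB_SIGNING_DEFAULT`, a configuration that explicitly sets `server signing = auto` no longer enters the branch whose comment explains why signing matters on a domain controller. What such a configuration gets instead depends on the `switch` cases outside this hunk, so whether any deployment's signing posture changes on upgrade is inferred rather than visible here. I would state the new meaning above the `if`, e.g. `/* only "default" is resolved by server role; an explicit "auto" is taken as configured */`, and check that the `smb.conf` documentation for `server signing` agrees. The same condition change is made in `smb2srv_negprot_backend()` in source4/smb_server/smb2/negprot.c and needs the same check; both function bodies continue outside their hunks.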
@@ -106,6 +106,9 @@ bool smbsrv_init_signing(struct smbsrv_connection *smb_conn)
}
switch (signing_setting) {
+ case SMB_SIGNING_DEFAULT:
+ smb_panic(__location__);
+ break;
case SMB_SIGNING_OFF:
smb_conn->signing.allow_smb_signing = false;
break;
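Review bot: The added `case SMB_SIGNING_DEFAULT:` carries no comment explaining why it should be unreachable, and `smb_panic(__location__)` reports only a file and line when it fires. I would put `/* resolved to a concrete setting by the role check above; reaching this is a logic error */` above the `smb_panic()` call, so that a later edit to that `if` cannot quietly turn a configuration value into a server abort. Failing hard here rather than falling through to `SMB_SIGNING_OFF` is the safer direction for a signing decision. The same three lines are added to the switch in `smb2srv_negprot_backend()` (negprot.c) and want the same comment; both switches continue outside their hunks.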
diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c
index 892953635c..24521da42e 100644
--- a/source4/smb_server/smb2/negprot.c
+++ b/source4/smb_server/smb2/negprot.c
@@ -123,7 +123,7 @@ static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2
ZERO_STRUCT(io->out);
signing_setting = lpcfg_server_signing(lp_ctx);
- if (signing_setting == SMB_SIGNING_AUTO) {
+ if (signing_setting == SMB_SIGNING_DEFAULT) {
/*
* If we are a domain controller, SMB signing is
* really important, as it can prevent a number of
@@ -144,6 +144,9 @@ static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2
}
switch (signing_setting) {
+ case SMB_SIGNING_DEFAULT:
+ smb_panic(__location__);
+ break;
case SMB_SIGNING_OFF:
io->out.security_mode = 0;
break;