diff options
author | Jeremy Allison <jra@samba.org> | 2003-07-16 22:57:56 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2003-07-16 22:57:56 +0000 |
commit | 6ab5e14494ed6b579658f4fe3410759582d909cd (patch) | |
tree | b430d08de24ebf22818f4f794c129b731eccfd95 /source3/param/loadparm.c | |
parent | cdb3b5dec2b5a5ce47c2d371769976d896210041 (diff) | |
download | samba-6ab5e14494ed6b579658f4fe3410759582d909cd.tar.gz samba-6ab5e14494ed6b579658f4fe3410759582d909cd.tar.bz2 samba-6ab5e14494ed6b579658f4fe3410759582d909cd.zip |
Refactor signing code to remove most dependencies on 'struct cli'.
Ensure a server can't do a downgrade attack if client signing is mandatory.
Add a lp_server_signing() function and a 'server signing' parameter that
will act as the client one does.
Jeremy
(This used to be commit 203e4bf0bfb66fd9239e9a0656438a71280113cb)
Diffstat (limited to 'source3/param/loadparm.c')
-rw-r--r-- | source3/param/loadparm.c | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index dd429fa688..3739407810 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -292,6 +292,7 @@ typedef struct int restrict_anonymous; int name_cache_timeout; int client_signing; + int server_signing; param_opt_struct *param_opt; } global; @@ -693,15 +694,17 @@ static const struct enum_list enum_smb_signing_vals[] = { {False, "False"}, {False, "0"}, {False, "Off"}, + {False, "disabled"}, {True, "Yes"}, {True, "True"}, {True, "1"}, {True, "On"}, - {Required, "Required"}, - {Required, "Mandatory"}, - {Required, "Force"}, - {Required, "Forced"}, - {Required, "Enforced"}, + {True, "enabled"}, + {Required, "required"}, + {Required, "mandatory"}, + {Required, "force"}, + {Required, "forced"}, + {Required, "enforced"}, {-1, NULL} }; @@ -894,6 +897,7 @@ static struct parm_struct parm_table[] = { {"unix extensions", P_BOOL, P_GLOBAL, &Globals.bUnixExtensions, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, {"use spnego", P_BOOL, P_GLOBAL, &Globals.bUseSpnego, NULL, NULL, FLAG_DEVELOPER}, {"client signing", P_ENUM, P_GLOBAL, &Globals.client_signing, NULL, enum_smb_signing_vals, FLAG_ADVANCED | FLAG_DEVELOPER}, + {"server signing", P_ENUM, P_GLOBAL, &Globals.server_signing, NULL, enum_smb_signing_vals, FLAG_ADVANCED | FLAG_DEVELOPER}, {"client use spnego", P_BOOL, P_GLOBAL, &Globals.bClientUseSpnego, NULL, NULL, FLAG_DEVELOPER}, {"Tuning Options", P_SEP, P_SEPARATOR}, @@ -1885,7 +1889,8 @@ FN_GLOBAL_INTEGER(lp_winbind_cache_time, &Globals.winbind_cache_time) FN_GLOBAL_BOOL(lp_hide_local_users, &Globals.bHideLocalUsers) FN_GLOBAL_INTEGER(lp_algorithmic_rid_base, &Globals.AlgorithmicRidBase) FN_GLOBAL_INTEGER(lp_name_cache_timeout, &Globals.name_cache_timeout) -FN_GLOBAL_BOOL(lp_client_signing, &Globals.client_signing) +FN_GLOBAL_INTEGER(lp_client_signing, &Globals.client_signing) +FN_GLOBAL_INTEGER(lp_server_signing, &Globals.server_signing) /* local prototypes */ |