summaryrefslogtreecommitdiff
path: root/source3/param
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2003-07-16 22:57:56 +0000
committerJeremy Allison <jra@samba.org>2003-07-16 22:57:56 +0000
commit6ab5e14494ed6b579658f4fe3410759582d909cd (patch)
treeb430d08de24ebf22818f4f794c129b731eccfd95 /source3/param
parentcdb3b5dec2b5a5ce47c2d371769976d896210041 (diff)
downloadsamba-6ab5e14494ed6b579658f4fe3410759582d909cd.tar.gz
samba-6ab5e14494ed6b579658f4fe3410759582d909cd.tar.bz2
samba-6ab5e14494ed6b579658f4fe3410759582d909cd.zip
Refactor signing code to remove most dependencies on 'struct cli'.
Ensure a server can't do a downgrade attack if client signing is mandatory. Add a lp_server_signing() function and a 'server signing' parameter that will act as the client one does. Jeremy (This used to be commit 203e4bf0bfb66fd9239e9a0656438a71280113cb)
Diffstat (limited to 'source3/param')
-rw-r--r--source3/param/loadparm.c17
1 files changed, 11 insertions, 6 deletions
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index dd429fa688..3739407810 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -292,6 +292,7 @@ typedef struct
int restrict_anonymous;
int name_cache_timeout;
int client_signing;
+ int server_signing;
param_opt_struct *param_opt;
}
global;
@@ -693,15 +694,17 @@ static const struct enum_list enum_smb_signing_vals[] = {
{False, "False"},
{False, "0"},
{False, "Off"},
+ {False, "disabled"},
{True, "Yes"},
{True, "True"},
{True, "1"},
{True, "On"},
- {Required, "Required"},
- {Required, "Mandatory"},
- {Required, "Force"},
- {Required, "Forced"},
- {Required, "Enforced"},
+ {True, "enabled"},
+ {Required, "required"},
+ {Required, "mandatory"},
+ {Required, "force"},
+ {Required, "forced"},
+ {Required, "enforced"},
{-1, NULL}
};
@@ -894,6 +897,7 @@ static struct parm_struct parm_table[] = {
{"unix extensions", P_BOOL, P_GLOBAL, &Globals.bUnixExtensions, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"use spnego", P_BOOL, P_GLOBAL, &Globals.bUseSpnego, NULL, NULL, FLAG_DEVELOPER},
{"client signing", P_ENUM, P_GLOBAL, &Globals.client_signing, NULL, enum_smb_signing_vals, FLAG_ADVANCED | FLAG_DEVELOPER},
+ {"server signing", P_ENUM, P_GLOBAL, &Globals.server_signing, NULL, enum_smb_signing_vals, FLAG_ADVANCED | FLAG_DEVELOPER},
{"client use spnego", P_BOOL, P_GLOBAL, &Globals.bClientUseSpnego, NULL, NULL, FLAG_DEVELOPER},
{"Tuning Options", P_SEP, P_SEPARATOR},
@@ -1885,7 +1889,8 @@ FN_GLOBAL_INTEGER(lp_winbind_cache_time, &Globals.winbind_cache_time)
FN_GLOBAL_BOOL(lp_hide_local_users, &Globals.bHideLocalUsers)
FN_GLOBAL_INTEGER(lp_algorithmic_rid_base, &Globals.AlgorithmicRidBase)
FN_GLOBAL_INTEGER(lp_name_cache_timeout, &Globals.name_cache_timeout)
-FN_GLOBAL_BOOL(lp_client_signing, &Globals.client_signing)
+FN_GLOBAL_INTEGER(lp_client_signing, &Globals.client_signing)
+FN_GLOBAL_INTEGER(lp_server_signing, &Globals.server_signing)
/* local prototypes */
generated by cgit (git 2.34.1) at 2024-07-09 07:04:34 +0000