diff options
-rw-r--r-- | source4/include/smb.h | 3 | ||||
-rw-r--r-- | source4/libcli/raw/smb_signing.c | 1 | ||||
-rw-r--r-- | source4/param/loadparm.c | 10 | ||||
-rw-r--r-- | source4/smb_server/signing.c | 7 |
4 files changed, 15 insertions, 6 deletions
diff --git a/source4/include/smb.h b/source4/include/smb.h index ccb245ccdd..b36c2a8708 100644 --- a/source4/include/smb.h +++ b/source4/include/smb.h @@ -33,7 +33,8 @@ #define SMB_PORT2 139 #define SMB_PORTS "445 139" -enum smb_signing_state {SMB_SIGNING_OFF, SMB_SIGNING_SUPPORTED, SMB_SIGNING_REQUIRED}; +enum smb_signing_state {SMB_SIGNING_OFF, SMB_SIGNING_SUPPORTED, + SMB_SIGNING_REQUIRED, SMB_SIGNING_AUTO}; /* deny modes */ #define DENY_DOS 0 diff --git a/source4/libcli/raw/smb_signing.c b/source4/libcli/raw/smb_signing.c index e1d7b071f2..2a0c64f598 100644 --- a/source4/libcli/raw/smb_signing.c +++ b/source4/libcli/raw/smb_signing.c @@ -394,6 +394,7 @@ BOOL smbcli_init_signing(struct smbcli_transport *transport) transport->negotiate.sign_info.allow_smb_signing = False; break; case SMB_SIGNING_SUPPORTED: + case SMB_SIGNING_AUTO: transport->negotiate.sign_info.allow_smb_signing = True; break; case SMB_SIGNING_REQUIRED: diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c index 341b039aad..f8b90203e7 100644 --- a/source4/param/loadparm.c +++ b/source4/param/loadparm.c @@ -198,8 +198,8 @@ typedef struct BOOL bLanmanAuth; BOOL bNTLMAuth; BOOL bUseSpnego; - BOOL server_signing; - BOOL client_signing; + int server_signing; + int client_signing; BOOL bClientLanManAuth; BOOL bClientNTLMv2Auth; BOOL bHostMSDfs; @@ -456,12 +456,12 @@ static const struct enum_list enum_smb_signing_vals[] = { {SMB_SIGNING_SUPPORTED, "1"}, {SMB_SIGNING_SUPPORTED, "On"}, {SMB_SIGNING_SUPPORTED, "enabled"}, - {SMB_SIGNING_SUPPORTED, "auto"}, {SMB_SIGNING_REQUIRED, "required"}, {SMB_SIGNING_REQUIRED, "mandatory"}, {SMB_SIGNING_REQUIRED, "force"}, {SMB_SIGNING_REQUIRED, "forced"}, {SMB_SIGNING_REQUIRED, "enforced"}, + {SMB_SIGNING_AUTO, "auto"}, {-1, NULL} }; @@ -939,7 +939,7 @@ static void init_globals(void) do_parameter("load printers", "True"); do_parameter("max mux", "50"); - do_parameter("max xmit", "65535"); + do_parameter("max xmit", "12288"); do_parameter("lpqcachetime", "10"); do_parameter("DisableSpoolss", "False"); do_parameter("password level", "0"); @@ -1006,7 +1006,7 @@ static void init_globals(void) do_parameter("name cache timeout", "660"); /* In seconds */ do_parameter("client signing", "Yes"); - do_parameter("server signing", "Yes"); + do_parameter("server signing", "auto"); do_parameter("use spnego", "True"); diff --git a/source4/smb_server/signing.c b/source4/smb_server/signing.c index 5d18d44f4b..b3fac2fa70 100644 --- a/source4/smb_server/signing.c +++ b/source4/smb_server/signing.c @@ -110,6 +110,13 @@ BOOL srv_init_signing(struct smbsrv_connection *smb_conn) smb_conn->signing.allow_smb_signing = True; smb_conn->signing.mandatory_signing = True; break; + case SMB_SIGNING_AUTO: + if (lp_domain_logons()) { + smb_conn->signing.allow_smb_signing = True; + } else { + smb_conn->signing.allow_smb_signing = False; + } + break; } return True; } |