summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/include/smb.h3
-rw-r--r--source4/libcli/raw/smb_signing.c1
-rw-r--r--source4/param/loadparm.c10
-rw-r--r--source4/smb_server/signing.c7
4 files changed, 15 insertions, 6 deletions
diff --git a/source4/include/smb.h b/source4/include/smb.h
index ccb245ccdd..b36c2a8708 100644
--- a/source4/include/smb.h
+++ b/source4/include/smb.h
@@ -33,7 +33,8 @@
#define SMB_PORT2 139
#define SMB_PORTS "445 139"
-enum smb_signing_state {SMB_SIGNING_OFF, SMB_SIGNING_SUPPORTED, SMB_SIGNING_REQUIRED};
+enum smb_signing_state {SMB_SIGNING_OFF, SMB_SIGNING_SUPPORTED,
+ SMB_SIGNING_REQUIRED, SMB_SIGNING_AUTO};
/* deny modes */
#define DENY_DOS 0
diff --git a/source4/libcli/raw/smb_signing.c b/source4/libcli/raw/smb_signing.c
index e1d7b071f2..2a0c64f598 100644
--- a/source4/libcli/raw/smb_signing.c
+++ b/source4/libcli/raw/smb_signing.c
@@ -394,6 +394,7 @@ BOOL smbcli_init_signing(struct smbcli_transport *transport)
transport->negotiate.sign_info.allow_smb_signing = False;
break;
case SMB_SIGNING_SUPPORTED:
+ case SMB_SIGNING_AUTO:
transport->negotiate.sign_info.allow_smb_signing = True;
break;
case SMB_SIGNING_REQUIRED:
diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c
index 341b039aad..f8b90203e7 100644
--- a/source4/param/loadparm.c
+++ b/source4/param/loadparm.c
@@ -198,8 +198,8 @@ typedef struct
BOOL bLanmanAuth;
BOOL bNTLMAuth;
BOOL bUseSpnego;
- BOOL server_signing;
- BOOL client_signing;
+ int server_signing;
+ int client_signing;
BOOL bClientLanManAuth;
BOOL bClientNTLMv2Auth;
BOOL bHostMSDfs;
@@ -456,12 +456,12 @@ static const struct enum_list enum_smb_signing_vals[] = {
{SMB_SIGNING_SUPPORTED, "1"},
{SMB_SIGNING_SUPPORTED, "On"},
{SMB_SIGNING_SUPPORTED, "enabled"},
- {SMB_SIGNING_SUPPORTED, "auto"},
{SMB_SIGNING_REQUIRED, "required"},
{SMB_SIGNING_REQUIRED, "mandatory"},
{SMB_SIGNING_REQUIRED, "force"},
{SMB_SIGNING_REQUIRED, "forced"},
{SMB_SIGNING_REQUIRED, "enforced"},
+ {SMB_SIGNING_AUTO, "auto"},
{-1, NULL}
};
@@ -939,7 +939,7 @@ static void init_globals(void)
do_parameter("load printers", "True");
do_parameter("max mux", "50");
- do_parameter("max xmit", "65535");
+ do_parameter("max xmit", "12288");
do_parameter("lpqcachetime", "10");
do_parameter("DisableSpoolss", "False");
do_parameter("password level", "0");
@@ -1006,7 +1006,7 @@ static void init_globals(void)
do_parameter("name cache timeout", "660"); /* In seconds */
do_parameter("client signing", "Yes");
- do_parameter("server signing", "Yes");
+ do_parameter("server signing", "auto");
do_parameter("use spnego", "True");
diff --git a/source4/smb_server/signing.c b/source4/smb_server/signing.c
index 5d18d44f4b..b3fac2fa70 100644
--- a/source4/smb_server/signing.c
+++ b/source4/smb_server/signing.c
@@ -110,6 +110,13 @@ BOOL srv_init_signing(struct smbsrv_connection *smb_conn)
smb_conn->signing.allow_smb_signing = True;
smb_conn->signing.mandatory_signing = True;
break;
+ case SMB_SIGNING_AUTO:
+ if (lp_domain_logons()) {
+ smb_conn->signing.allow_smb_signing = True;
+ } else {
+ smb_conn->signing.allow_smb_signing = False;
+ }
+ break;
}
return True;
}