diff options
| -rw-r--r-- | source3/param/loadparm.c | 4 | ||||
| -rw-r--r-- | source3/smbd/trans2.c | 25 |
2 files changed, 28 insertions, 1 deletions
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 7186d4f075..16e9372009 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -472,6 +472,7 @@ typedef struct { int iAioWriteSize; int iMap_readonly; int iDirectoryNameCacheSize; + int ismb_encrypt; param_opt_struct *param_opt; char dummy[3]; /* for alignment */ @@ -617,6 +618,7 @@ static service sDefault = { #else 100, /* iDirectoryNameCacheSize */ #endif + Auto, /* ismb_encrypt */ NULL, /* Parametric options */ "" /* dummy */ @@ -1027,6 +1029,7 @@ static struct parm_struct parm_table[] = { {"use spnego", P_BOOL, P_GLOBAL, &Globals.bUseSpnego, NULL, NULL, FLAG_ADVANCED}, {"client signing", P_ENUM, P_GLOBAL, &Globals.client_signing, NULL, enum_smb_signing_vals, FLAG_ADVANCED}, {"server signing", P_ENUM, P_GLOBAL, &Globals.server_signing, NULL, enum_smb_signing_vals, FLAG_ADVANCED}, + {"smb encrypt", P_ENUM, P_LOCAL, &sDefault.ismb_encrypt, NULL, enum_smb_signing_vals, FLAG_ADVANCED}, {"client use spnego", P_BOOL, P_GLOBAL, &Globals.bClientUseSpnego, NULL, NULL, FLAG_ADVANCED}, {"client ldap sasl wrapping", P_ENUM, P_GLOBAL, &Globals.client_ldap_sasl_wrapping, NULL, enum_ldap_sasl_wrapping, FLAG_ADVANCED}, {"enable asu support", P_BOOL, P_GLOBAL, &Globals.bASUSupport, NULL, NULL, FLAG_ADVANCED}, @@ -2173,6 +2176,7 @@ FN_LOCAL_INTEGER(lp_aio_read_size, iAioReadSize) FN_LOCAL_INTEGER(lp_aio_write_size, iAioWriteSize) FN_LOCAL_INTEGER(lp_map_readonly, iMap_readonly) FN_LOCAL_INTEGER(lp_directory_name_cache_size, iDirectoryNameCacheSize) +FN_LOCAL_INTEGER(lp_smb_encrypt, ismb_encrypt) FN_LOCAL_CHAR(lp_magicchar, magic_char) FN_GLOBAL_INTEGER(lp_winbind_cache_time, &Globals.winbind_cache_time) FN_GLOBAL_LIST(lp_winbind_nss_info, &Globals.szWinbindNssInfo) diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 5a8fe41d27..ee4787199e 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -2729,11 +2729,27 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned { bool large_write = lp_min_receive_file_size() && !srv_is_signing_active(); + int encrypt_caps = 0; if (!lp_unix_extensions()) { reply_nterror(req, NT_STATUS_INVALID_LEVEL); return; } + + switch (lp_smb_encrypt(SNUM(conn))) { + case 0: + encrypt_caps = 0; + break; + case 1: + case Auto: + encrypt_caps = CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP; + break; + case Required: + encrypt_caps = CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP| + CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP; + break; + } + data_len = 12; SSVAL(pdata,0,CIFS_UNIX_MAJOR_VERSION); SSVAL(pdata,2,CIFS_UNIX_MINOR_VERSION); @@ -2748,7 +2764,7 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned CIFS_UNIX_EXTATTR_CAP| CIFS_UNIX_POSIX_PATH_OPERATIONS_CAP| CIFS_UNIX_LARGE_READ_CAP| - CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP| + encrypt_caps| (large_write ? CIFS_UNIX_LARGE_WRITE_CAP : 0)))); break; @@ -3016,6 +3032,13 @@ cap_low = 0x%x, cap_high = 0x%x\n", return; } + if (lp_smb_encrypt(SNUM(conn)) == false) { + reply_nterror( + req, + NT_STATUS_NOT_SUPPORTED); + return; + } + DEBUG( 4,("call_trans2setfsinfo: " "request transport encrption.\n")); |