diff options
-rw-r--r-- | lib/param/loadparm.c | 24 | ||||
-rw-r--r-- | source3/include/proto.h | 4 | ||||
-rw-r--r-- | source3/param/loadparm.c | 38 | ||||
-rw-r--r-- | source3/param/loadparm_ctx.c | 3 | ||||
-rw-r--r-- | source3/smbd/negprot.c | 4 | ||||
-rw-r--r-- | source3/smbd/process.c | 2 | ||||
-rw-r--r-- | source3/smbd/smb2_negprot.c | 18 |
7 files changed, 69 insertions, 24 deletions
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c index 44a33295d5..bb59a79d0c 100644 --- a/lib/param/loadparm.c +++ b/lib/param/loadparm.c @@ -606,6 +606,22 @@ static struct parm_struct parm_table[] = { .enum_list = enum_protocol }, { + .label = "max protocol", + .type = P_ENUM, + .p_class = P_GLOBAL, + .offset = GLOBAL_VAR(srv_maxprotocol), + .special = NULL, + .enum_list = enum_protocol + }, + { + .label = "protocol", + .type = P_ENUM, + .p_class = P_GLOBAL, + .offset = GLOBAL_VAR(srv_maxprotocol), + .special = NULL, + .enum_list = enum_protocol + }, + { .label = "server min protocol", .type = P_ENUM, .p_class = P_GLOBAL, @@ -614,6 +630,14 @@ static struct parm_struct parm_table[] = { .enum_list = enum_protocol }, { + .label = "min protocol", + .type = P_ENUM, + .p_class = P_GLOBAL, + .offset = GLOBAL_VAR(srv_minprotocol), + .special = NULL, + .enum_list = enum_protocol + }, + { .label = "client max protocol", .type = P_ENUM, .p_class = P_GLOBAL, diff --git a/source3/include/proto.h b/source3/include/proto.h index f973800855..e0d9f3117e 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1280,8 +1280,8 @@ int lp_passwordlevel(void); int lp_usernamelevel(void); int lp_deadtime(void); bool lp_getwd_cache(void); -int lp_maxprotocol(void); -int lp_minprotocol(void); +int lp_srv_maxprotocol(void); +int lp_srv_minprotocol(void); int lp_security(void); const char **lp_auth_methods(void); bool lp_paranoid_server_security(void); diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 20a072d67f..382a273f38 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -1549,7 +1549,16 @@ static struct parm_struct parm_table[] = { .label = "max protocol", .type = P_ENUM, .p_class = P_GLOBAL, - .offset = GLOBAL_VAR(maxprotocol), + .offset = GLOBAL_VAR(srv_maxprotocol), + .special = NULL, + .enum_list = enum_protocol, + .flags = FLAG_ADVANCED, + }, + { + .label = "server max protocol", + .type = P_ENUM, + .p_class = P_GLOBAL, + .offset = GLOBAL_VAR(srv_maxprotocol), .special = NULL, .enum_list = enum_protocol, .flags = FLAG_ADVANCED, @@ -1558,7 +1567,7 @@ static struct parm_struct parm_table[] = { .label = "protocol", .type = P_ENUM, .p_class = P_GLOBAL, - .offset = GLOBAL_VAR(maxprotocol), + .offset = GLOBAL_VAR(srv_maxprotocol), .special = NULL, .enum_list = enum_protocol, .flags = FLAG_ADVANCED, @@ -1567,7 +1576,16 @@ static struct parm_struct parm_table[] = { .label = "min protocol", .type = P_ENUM, .p_class = P_GLOBAL, - .offset = GLOBAL_VAR(minprotocol), + .offset = GLOBAL_VAR(srv_minprotocol), + .special = NULL, + .enum_list = enum_protocol, + .flags = FLAG_ADVANCED, + }, + { + .label = "server min protocol", + .type = P_ENUM, + .p_class = P_GLOBAL, + .offset = GLOBAL_VAR(srv_minprotocol), .special = NULL, .enum_list = enum_protocol, .flags = FLAG_ADVANCED, @@ -4748,8 +4766,8 @@ static void init_globals(bool reinit_globals) Globals.max_log_size = 5000; Globals.max_open_files = max_open_files(); Globals.open_files_db_hash_size = SMB_OPEN_DATABASE_TDB_HASH_SIZE; - Globals.maxprotocol = PROTOCOL_NT1; - Globals.minprotocol = PROTOCOL_CORE; + Globals.srv_maxprotocol = PROTOCOL_NT1; + Globals.srv_minprotocol = PROTOCOL_CORE; Globals.security = SEC_USER; Globals.paranoid_server_security = true; Globals.bEncryptPasswords = true; @@ -5268,19 +5286,19 @@ FN_GLOBAL_INTEGER(lp_passwordlevel, pwordlevel) FN_GLOBAL_INTEGER(lp_usernamelevel, unamelevel) FN_GLOBAL_INTEGER(lp_deadtime, deadtime) FN_GLOBAL_BOOL(lp_getwd_cache, getwd_cache) -static FN_GLOBAL_INTEGER(_lp_maxprotocol, maxprotocol) -int lp_maxprotocol(void) +static FN_GLOBAL_INTEGER(_lp_srv_maxprotocol, srv_maxprotocol) +int lp_srv_maxprotocol(void) { - int ret = _lp_maxprotocol(); + int ret = _lp_srv_maxprotocol(); if ((ret >= PROTOCOL_SMB2_02) && (lp_security() == SEC_SHARE)) { DEBUG(2,("WARNING!!: \"security = share\" is incompatible " "with the SMB2 protocol. Resetting to SMB1.\n" )); - lp_do_parameter(-1, "max protocol", "NT1"); + lp_do_parameter(-1, "server max protocol", "NT1"); return PROTOCOL_NT1; } return ret; } -FN_GLOBAL_INTEGER(lp_minprotocol, minprotocol) +FN_GLOBAL_INTEGER(lp_srv_minprotocol, srv_minprotocol) FN_GLOBAL_INTEGER(lp_security, security) FN_GLOBAL_LIST(lp_auth_methods, AuthMethods) FN_GLOBAL_BOOL(lp_paranoid_server_security, paranoid_server_security) diff --git a/source3/param/loadparm_ctx.c b/source3/param/loadparm_ctx.c index e1bbda3928..57ffb87344 100644 --- a/source3/param/loadparm_ctx.c +++ b/source3/param/loadparm_ctx.c @@ -110,6 +110,9 @@ static const struct loadparm_s3_context s3_fns = .unix_extensions = lp_unix_extensions, .use_spnego = lp_use_spnego, .use_mmap = lp_use_mmap, + + .srv_minprotocol = lp_srv_minprotocol, + .srv_maxprotocol = lp_srv_maxprotocol, }; const struct loadparm_s3_context *loadparm_s3_context(void) diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c index 717000a432..2f3fd450ca 100644 --- a/source3/smbd/negprot.c +++ b/source3/smbd/negprot.c @@ -695,8 +695,8 @@ void reply_negprot(struct smb_request *req) /* Check for protocols, most desirable first */ for (protocol = 0; supported_protocols[protocol].proto_name; protocol++) { i = 0; - if ((supported_protocols[protocol].protocol_level <= lp_maxprotocol()) && - (supported_protocols[protocol].protocol_level >= lp_minprotocol())) + if ((supported_protocols[protocol].protocol_level <= lp_srv_maxprotocol()) && + (supported_protocols[protocol].protocol_level >= lp_srv_minprotocol())) while (i < num_cliprotos) { if (strequal(cliprotos[i],supported_protocols[protocol].proto_name)) choice = i; diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 391ddc70ba..ba6314cda0 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -3013,7 +3013,7 @@ void smbd_process(struct tevent_context *ev_ctx, char *rhost; int ret; - if (lp_maxprotocol() >= PROTOCOL_SMB2_02) { + if (lp_srv_maxprotocol() >= PROTOCOL_SMB2_02) { /* * We're not making the decision here, * we're just allowing the client diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c index 4cae143d75..d971fba034 100644 --- a/source3/smbd/smb2_negprot.c +++ b/source3/smbd/smb2_negprot.c @@ -119,10 +119,10 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req) indyn = (const uint8_t *)req->in.vector[i+2].iov_base; for (c=0; protocol == PROTOCOL_NONE && c < dialect_count; c++) { - if (lp_maxprotocol() < PROTOCOL_SMB2_24) { + if (lp_srv_maxprotocol() < PROTOCOL_SMB2_24) { break; } - if (lp_minprotocol() > PROTOCOL_SMB2_24) { + if (lp_srv_minprotocol() > PROTOCOL_SMB2_24) { break; } @@ -134,10 +134,10 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req) } for (c=0; protocol == PROTOCOL_NONE && c < dialect_count; c++) { - if (lp_maxprotocol() < PROTOCOL_SMB2_22) { + if (lp_srv_maxprotocol() < PROTOCOL_SMB2_22) { break; } - if (lp_minprotocol() > PROTOCOL_SMB2_22) { + if (lp_srv_minprotocol() > PROTOCOL_SMB2_22) { break; } @@ -149,10 +149,10 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req) } for (c=0; protocol == PROTOCOL_NONE && c < dialect_count; c++) { - if (lp_maxprotocol() < PROTOCOL_SMB2_10) { + if (lp_srv_maxprotocol() < PROTOCOL_SMB2_10) { break; } - if (lp_minprotocol() > PROTOCOL_SMB2_10) { + if (lp_srv_minprotocol() > PROTOCOL_SMB2_10) { break; } @@ -164,10 +164,10 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req) } for (c=0; protocol == PROTOCOL_NONE && c < dialect_count; c++) { - if (lp_maxprotocol() < PROTOCOL_SMB2_02) { + if (lp_srv_maxprotocol() < PROTOCOL_SMB2_02) { break; } - if (lp_minprotocol() > PROTOCOL_SMB2_02) { + if (lp_srv_minprotocol() > PROTOCOL_SMB2_02) { break; } @@ -179,7 +179,7 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req) } for (c=0; protocol == PROTOCOL_NONE && c < dialect_count; c++) { - if (lp_maxprotocol() < PROTOCOL_SMB2_10) { + if (lp_srv_maxprotocol() < PROTOCOL_SMB2_10) { break; } |