From 6ab5e14494ed6b579658f4fe3410759582d909cd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 16 Jul 2003 22:57:56 +0000 Subject: Refactor signing code to remove most dependencies on 'struct cli'. Ensure a server can't do a downgrade attack if client signing is mandatory. Add a lp_server_signing() function and a 'server signing' parameter that will act as the client one does. Jeremy (This used to be commit 203e4bf0bfb66fd9239e9a0656438a71280113cb) --- source3/param/loadparm.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) (limited to 'source3/param') diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index dd429fa688..3739407810 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -292,6 +292,7 @@ typedef struct int restrict_anonymous; int name_cache_timeout; int client_signing; + int server_signing; param_opt_struct *param_opt; } global; @@ -693,15 +694,17 @@ static const struct enum_list enum_smb_signing_vals[] = { {False, "False"}, {False, "0"}, {False, "Off"}, + {False, "disabled"}, {True, "Yes"}, {True, "True"}, {True, "1"}, {True, "On"}, - {Required, "Required"}, - {Required, "Mandatory"}, - {Required, "Force"}, - {Required, "Forced"}, - {Required, "Enforced"}, + {True, "enabled"}, + {Required, "required"}, + {Required, "mandatory"}, + {Required, "force"}, + {Required, "forced"}, + {Required, "enforced"}, {-1, NULL} }; @@ -894,6 +897,7 @@ static struct parm_struct parm_table[] = { {"unix extensions", P_BOOL, P_GLOBAL, &Globals.bUnixExtensions, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, {"use spnego", P_BOOL, P_GLOBAL, &Globals.bUseSpnego, NULL, NULL, FLAG_DEVELOPER}, {"client signing", P_ENUM, P_GLOBAL, &Globals.client_signing, NULL, enum_smb_signing_vals, FLAG_ADVANCED | FLAG_DEVELOPER}, + {"server signing", P_ENUM, P_GLOBAL, &Globals.server_signing, NULL, enum_smb_signing_vals, FLAG_ADVANCED | FLAG_DEVELOPER}, {"client use spnego", P_BOOL, P_GLOBAL, &Globals.bClientUseSpnego, NULL, NULL, FLAG_DEVELOPER}, {"Tuning Options", P_SEP, P_SEPARATOR}, @@ -1885,7 +1889,8 @@ FN_GLOBAL_INTEGER(lp_winbind_cache_time, &Globals.winbind_cache_time) FN_GLOBAL_BOOL(lp_hide_local_users, &Globals.bHideLocalUsers) FN_GLOBAL_INTEGER(lp_algorithmic_rid_base, &Globals.AlgorithmicRidBase) FN_GLOBAL_INTEGER(lp_name_cache_timeout, &Globals.name_cache_timeout) -FN_GLOBAL_BOOL(lp_client_signing, &Globals.client_signing) +FN_GLOBAL_INTEGER(lp_client_signing, &Globals.client_signing) +FN_GLOBAL_INTEGER(lp_server_signing, &Globals.server_signing) /* local prototypes */ -- cgit