From afc93255d183eefb68e45b8ec6275f6a62cf9795 Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Wed, 26 Dec 2007 17:12:36 -0800
Subject: Add SMB encryption. Still fixing client decrypt but negotiation works. Jeremy. (This used to be commit d78045601af787731f0737b8627450018902b104)
---
 source3/param/loadparm.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
(limited to 'source3/param')
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 5b009fc964..7186d4f075 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -6209,7 +6209,7 @@ uint32 lp_get_spoolss_state( void )
 }
 
 /*******************************************************************
- Ensure we don't use sendfile if server smb signing is active.
+ Ensure we don't use sendfile if server smb signing or selaing is active.
 ********************************************************************/
 
 bool lp_use_sendfile(int snum)
@@ -6218,7 +6218,10 @@ bool lp_use_sendfile(int snum)
 if (Protocol < PROTOCOL_NT1) {
 return False;
 }
- return (_lp_use_sendfile(snum) && (get_remote_arch() != RA_WIN95) && !srv_is_signing_active());
+ return (_lp_use_sendfile(snum) &&
+ (get_remote_arch() != RA_WIN95) &&
+ !srv_is_signing_active() &&
+ !srv_encryption_on());
 }
 
 /*******************************************************************
-- cgit
From 675f41dc144fc0c150b44d931a9242f1ac1ebe5f Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Thu, 27 Dec 2007 16:54:07 -0800
Subject: Add "smb encrypt" parameter. Can be set to "no, yes, required". Currently if set required this is not enforced. I'll be adding that soon. Jeremy. (This used to be commit df7e447623ac03d81bec384f5cfe83c3976cf7b2)
---
 source3/param/loadparm.c | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'source3/param')
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 7186d4f075..16e9372009 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
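Review bot: The header comment above lp_use_sendfile() in the first hunk of the "Add SMB encryption" commit misspells "sealing" as "selaing", and it still does not say why signing or sealing rules out sendfile. The reason matters for anyone touching the `!srv_encryption_on()` guard added in the second hunk: sendfile hands file data to the socket from the kernel, so the payload would not pass through the userspace code that signs or encrypts the reply. I would word the comment as `Ensure we don't use sendfile if server smb signing or sealing is active: sendfile writes file data straight to the socket, bypassing the code that signs or encrypts the packet.`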
@@ -472,6 +472,7 @@ typedef struct {
 int iAioWriteSize;
 int iMap_readonly;
 int iDirectoryNameCacheSize;
+ int ismb_encrypt;
 param_opt_struct *param_opt;
 
 char dummy[3]; /* for alignment */
@@ -617,6 +618,7 @@ static service sDefault = {
 #else
 100, /* iDirectoryNameCacheSize */
 #endif
+ Auto, /* ismb_encrypt */
 NULL, /* Parametric options */
 
 "" /* dummy */
@@ -1027,6 +1029,7 @@ static struct parm_struct parm_table[] = {
 {"use spnego", P_BOOL, P_GLOBAL, &Globals.bUseSpnego, NULL, NULL, FLAG_ADVANCED},
 {"client signing", P_ENUM, P_GLOBAL, &Globals.client_signing, NULL, enum_smb_signing_vals, FLAG_ADVANCED},
 {"server signing", P_ENUM, P_GLOBAL, &Globals.server_signing, NULL, enum_smb_signing_vals, FLAG_ADVANCED},
+ {"smb encrypt", P_ENUM, P_LOCAL, &sDefault.ismb_encrypt, NULL, enum_smb_signing_vals, FLAG_ADVANCED},
 {"client use spnego", P_BOOL, P_GLOBAL, &Globals.bClientUseSpnego, NULL, NULL, FLAG_ADVANCED},
 {"client ldap sasl wrapping", P_ENUM, P_GLOBAL, &Globals.client_ldap_sasl_wrapping, NULL, enum_ldap_sasl_wrapping, FLAG_ADVANCED},
 {"enable asu support", P_BOOL, P_GLOBAL, &Globals.bASUSupport, NULL, NULL, FLAG_ADVANCED},
@@ -2173,6 +2176,7 @@ FN_LOCAL_INTEGER(lp_aio_read_size, iAioReadSize)
 FN_LOCAL_INTEGER(lp_aio_write_size, iAioWriteSize)
 FN_LOCAL_INTEGER(lp_map_readonly, iMap_readonly)
 FN_LOCAL_INTEGER(lp_directory_name_cache_size, iDirectoryNameCacheSize)
+FN_LOCAL_INTEGER(lp_smb_encrypt, ismb_encrypt)
 FN_LOCAL_CHAR(lp_magicchar, magic_char)
 FN_GLOBAL_INTEGER(lp_winbind_cache_time, &Globals.winbind_cache_time)
 FN_GLOBAL_LIST(lp_winbind_nss_info, &Globals.szWinbindNssInfo)
-- cgit
From 9254bb4ef1c3c3a52ea8e935edb0e7a86ec3ea7a Mon Sep 17 00:00:00 2001
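Review bot: The new `"smb encrypt"` entry in parm_table (hunk at -1027) is parsed with `enum_smb_signing_vals`, so the strings it accepts and the meaning of the `Auto` default set in sDefault (hunk at -617) are whatever the signing table defines. That table is not visible in this diff, and it may not line up with the "no, yes, required" values the parameter is meant to take. A comment on the field would record the coupling and the current limitation: `int ismb_encrypt; /* parsed via enum_smb_signing_vals; "required" is not enforced yet */`. While enforcement is missing, a share configured as required still accepts unencrypted sessions, so a warning logged when that value is loaded would keep an administrator from assuming protection that is not there.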
From: Jeremy Allison
Date: Fri, 4 Jan 2008 12:56:23 -0800
Subject: Refactor the crypto code after a very helpful conversation with Volker. Mostly making sure we have data on the incoming packet type, not stored in the smb header. Jeremy. (This used to be commit c4e5a505043965eec77b5bb9bc60957e8f3b97c8)
---
 source3/param/loadparm.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
(limited to 'source3/param')
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 16e9372009..29166cf02e 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -6213,7 +6213,7 @@ uint32 lp_get_spoolss_state( void )
 }
 
 /*******************************************************************
- Ensure we don't use sendfile if server smb signing or selaing is active.
+ Ensure we don't use sendfile if server smb signing is active.
 ********************************************************************/
 
 bool lp_use_sendfile(int snum)
@@ -6224,8 +6224,7 @@ bool lp_use_sendfile(int snum)
 }
 return (_lp_use_sendfile(snum) &&
 (get_remote_arch() != RA_WIN95) &&
- !srv_is_signing_active() &&
- !srv_encryption_on());
+ !srv_is_signing_active());
 }
 
 /*******************************************************************
-- cgit
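Review bot: Dropping `!srv_encryption_on()` from the return expression in the second hunk lets lp_use_sendfile() report true on a connection where SMB encryption is active, and nothing left in this function prevents that. The diff is limited to source3/param, so an equivalent check may have moved to the sendfile call site, but that is not visible here; if it has not, file data sent through sendfile would skip the encryption step. The comment restored in the first hunk should say where the encrypted case is now handled, for example `Encryption is checked by the caller before sendfile is used.` if that is what the refactor did. The body of lp_use_sendfile() starts above the hunk.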