diff options
author | Andrew Bartlett <abartlet@samba.org> | 2013-10-14 13:45:42 +1300 |
---|---|---|
committer | David Disseldorp <ddiss@samba.org> | 2013-11-22 13:13:03 +0100 |
commit | e665fc394074e5aebc22baa4aa1d8d45077ce37d (patch) | |
tree | 498f64c40723a7851aff5702b0e5a1d156228827 /source3 | |
parent | 000172a5ab7e4bfac7ef618d0d78ec7fe95d0e2a (diff) | |
download | samba-e665fc394074e5aebc22baa4aa1d8d45077ce37d.tar.gz samba-e665fc394074e5aebc22baa4aa1d8d45077ce37d.tar.xz samba-e665fc394074e5aebc22baa4aa1d8d45077ce37d.zip |
lib/param: Consolidate code to enable smb signing on the server, always enable on AD DC
This uses the code from the source4/ SMB server (the NTVFS smb server)
in common, to force SMB Signing to be on when we are an AD DC.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Fri Nov 22 13:13:05 CET 2013 on sn-devel-104
Diffstat (limited to 'source3')
-rw-r--r-- | source3/smbd/signing.c | 21 |
1 files changed, 9 insertions, 12 deletions
diff --git a/source3/smbd/signing.c b/source3/smbd/signing.c index 2b622244c9f..295c9f1b790 100644 --- a/source3/smbd/signing.c +++ b/source3/smbd/signing.c @@ -23,6 +23,7 @@ #include "smbd/smbd.h" #include "smbd/globals.h" #include "../libcli/smb/smb_signing.h" +#include "lib/param/param.h" /*********************************************************** Called to validate an incoming packet from the client. @@ -168,20 +169,14 @@ static void smbd_shm_signing_free(TALLOC_CTX *mem_ctx, void *ptr) bool srv_init_signing(struct smbd_server_connection *conn) { - bool allowed = true; + bool allowed; bool desired; bool mandatory = false; - switch (lp_server_signing()) { - case SMB_SIGNING_REQUIRED: - mandatory = true; - break; - case SMB_SIGNING_IF_REQUIRED: - break; - case SMB_SIGNING_DEFAULT: - case SMB_SIGNING_OFF: - allowed = false; - break; + struct loadparm_context *lp_ctx = loadparm_init_s3(conn, loadparm_s3_helpers()); + if (lp_ctx == NULL) { + DEBUG(10, ("loadparm_init_s3 failed\n")); + return false; } /* @@ -192,7 +187,9 @@ bool srv_init_signing(struct smbd_server_connection *conn) * because not every client that requires signing * sends FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED. */ - desired = allowed; + + allowed = desired = lpcfg_server_signing_allowed(lp_ctx, &mandatory); + talloc_unlink(conn, lp_ctx); if (lp_async_smb_echo_handler()) { struct smbd_shm_signing *s; |