-rw-r--r-- | docs-xml/smbdotconf/security/serversigning.xml | 9 | ||||
-rw-r--r-- | lib/param/loadparm.c | 42 | ||||
-rw-r--r-- | source3/smbd/signing.c | 21 | ||||
-rw-r--r-- | source4/smb_server/smb/signing.c | 41 |
4 files changed, 61 insertions, 52 deletions
diff --git a/docs-xml/smbdotconf/security/serversigning.xml b/docs-xml/smbdotconf/security/serversigning.xml index 0aced5d3c17..c94a3ee6ba2 100644 --- a/docs-xml/smbdotconf/security/serversigning.xml +++ b/docs-xml/smbdotconf/security/serversigning.xml @@ -6,10 +6,15 @@ <description> <para>This controls whether the client is allowed or required to use SMB1 and SMB2 signing. Possible values - are <emphasis>auto</emphasis>, <emphasis>mandatory</emphasis> + are <emphasis>default</emphasis>, <emphasis>auto</emphasis>, <emphasis>mandatory</emphasis> and <emphasis>disabled</emphasis>. </para> + <para>By default, and when smb signing is set to + <emphasis>default</emphasis>, smb signing enabled when + <smbconfoption name="server role"/> is <emphasis>active directory + domain controller</emphasis> and disabled otherwise.</para> + <para>When set to auto, SMB1 signing is offered, but not enforced. When set to mandatory, SMB1 signing is required and if set to disabled, SMB signing is not offered either.</para> @@ -20,5 +25,5 @@ will still require SMB2 clients to use signing.</para> </description> -<value type="default">Disabled</value> +<value type="default">default</value> </samba:parameter> diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c index 71f62edf828..df2ff6e11ba 100644 --- a/lib/param/loadparm.c +++ b/lib/param/loadparm.c 
@@ -2611,3 +2611,45 @@ int lpcfg_security(struct loadparm_context *lp_ctx)
 return lp_find_security(lpcfg__server_role(lp_ctx), lpcfg__security(lp_ctx));
 }
+
+bool lpcfg_server_signing_allowed(struct loadparm_context *lp_ctx, bool *mandatory)
+{
+ bool allowed = true;
+ enum smb_signing_setting signing_setting = lpcfg_server_signing(lp_ctx);
+
+ *mandatory = false;
+
+ if (signing_setting == SMB_SIGNING_DEFAULT) {
+ /*
+ * If we are a domain controller, SMB signing is
+ * really important, as it can prevent a number of
+ * attacks on communications between us and the
+ * clients
+ *
+ * However, it really sucks (no sendfile, CPU
+ * overhead) performance-wise when used on a
+ * file server, so disable it by default
+ * on non-DCs
+ */
+
+ if (lpcfg_server_role(lp_ctx) >= ROLE_ACTIVE_DIRECTORY_DC) {
+ signing_setting = SMB_SIGNING_REQUIRED;
+ } else {
+ signing_setting = SMB_SIGNING_OFF;
+ }
+ }
+
+ switch (signing_setting) {
+ case SMB_SIGNING_REQUIRED:
+ *mandatory = true;
+ break;
+ case SMB_SIGNING_IF_REQUIRED:
+ break;
+ case SMB_SIGNING_DEFAULT:
+ case SMB_SIGNING_OFF:
+ allowed = false;
+ break;
+ }
+
+ return allowed;
+}
diff --git a/source3/smbd/signing.c b/source3/smbd/signing.c
index 2b622244c9f..295c9f1b790 100644
--- a/source3/smbd/signing.c
+++ b/source3/smbd/signing.c
@@ -23,6 +23,7 @@
 #include "smbd/smbd.h"
 #include "smbd/globals.h"
 #include "../libcli/smb/smb_signing.h"
+#include "lib/param/param.h"
 /***********************************************************
 Called to validate an incoming packet from the client.
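Review bot: lpcfg_server_signing_allowed() in lib/param/loadparm.c is added without a header comment, and its contract is not readable from the signature alone. I would add a comment above it saying that the return value is whether signing is offered at all, that `*mandatory` is written on every call and must therefore be non-NULL, and that `SMB_SIGNING_DEFAULT` resolves to required signing on a DC role and to off otherwise. The last point matters because the serversigning.xml text in this commit says signing is "enabled" on a DC, while `signing_setting = SMB_SIGNING_REQUIRED;` makes it mandatory. The `>=` in `lpcfg_server_role(lp_ctx) >= ROLE_ACTIVE_DIRECTORY_DC` depends on the order of the role enum, which is not visible here, so a one-line comment naming the roles it is meant to cover would help.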
@@ -168,20 +169,14 @@ static void smbd_shm_signing_free(TALLOC_CTX *mem_ctx, void *ptr)
 bool srv_init_signing(struct smbd_server_connection *conn)
 {
- bool allowed = true;
+ bool allowed;
 bool desired;
 bool mandatory = false;
- switch (lp_server_signing()) {
- case SMB_SIGNING_REQUIRED:
- mandatory = true;
- break;
- case SMB_SIGNING_IF_REQUIRED:
- break;
- case SMB_SIGNING_DEFAULT:
- case SMB_SIGNING_OFF:
- allowed = false;
- break;
+ struct loadparm_context *lp_ctx = loadparm_init_s3(conn, loadparm_s3_helpers());
+ if (lp_ctx == NULL) {
+ DEBUG(10, ("loadparm_init_s3 failed\n"));
+ return false;
 }
 /*
@@ -192,7 +187,9 @@ bool srv_init_signing(struct smbd_server_connection *conn)
 * because not every client that requires signing
 * sends FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED.
 */
- desired = allowed;
+
+ allowed = desired = lpcfg_server_signing_allowed(lp_ctx, &mandatory);
+ talloc_unlink(conn, lp_ctx);
 if (lp_async_smb_echo_handler()) {
 struct smbd_shm_signing *s;
diff --git a/source4/smb_server/smb/signing.c b/source4/smb_server/smb/signing.c
index d632e87ea7b..3fe7cff94fd 100644
--- a/source4/smb_server/smb/signing.c
+++ b/source4/smb_server/smb/signing.c
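Review bot: In srv_init_signing() (source3/smbd/signing.c, first hunk) a failed loadparm_init_s3() is reported only with `DEBUG(10, ...)`, so at normal log levels the function returns false with no trace of why signing setup was abandoned. Since this path decides whether the connection gets signing at all, I would log it as an error, e.g. `DEBUG(0, ("srv_init_signing: loadparm_init_s3 failed\n"));`. What the caller does with the false return is outside the hunk and worth checking, because the code removed here had no failure exit at this point.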
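Review bot: In the second hunk of source3/smbd/signing.c the comment ending in `sends FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED.` used to sit directly above `desired = allowed;`, and it is now followed by a blank line and a chained assignment that also performs the configuration lookup, which hides what the comment explains. I would resolve the setting where lp_ctx is created, `allowed = lpcfg_server_signing_allowed(lp_ctx, &mandatory);` followed by `talloc_unlink(conn, lp_ctx);`, and leave `desired = allowed;` unchanged under its comment. That also keeps the lifetime of lp_ctx within a few adjacent lines instead of spanning the comment block. The start of the comment and the rest of the function are outside the hunk.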
@@ -77,49 +77,14 @@ bool smbsrv_setup_signing(struct smbsrv_connection *smb_conn,
 bool smbsrv_init_signing(struct smbsrv_connection *smb_conn)
 {
- enum smb_signing_setting signing_setting;
-
 smb_conn->signing.mac_key = data_blob(NULL, 0);
 if (!smbcli_set_signing_off(&smb_conn->signing)) {
 return false;
 }
- signing_setting = lpcfg_server_signing(smb_conn->lp_ctx);
- if (signing_setting == SMB_SIGNING_DEFAULT) {
- /*
- * If we are a domain controller, SMB signing is
- * really important, as it can prevent a number of
- * attacks on communications between us and the
- * clients
- *
- * However, it really sucks (no sendfile, CPU
- * overhead) performance-wise when used on a
- * file server, so disable it by default
- * on non-DCs
- */
-
- if (lpcfg_server_role(smb_conn->lp_ctx) >= ROLE_ACTIVE_DIRECTORY_DC) {
- signing_setting = SMB_SIGNING_REQUIRED;
- } else {
- signing_setting = SMB_SIGNING_OFF;
- }
- }
-
- switch (signing_setting) {
- case SMB_SIGNING_DEFAULT:
- smb_panic(__location__);
- break;
- case SMB_SIGNING_OFF:
- smb_conn->signing.allow_smb_signing = false;
- break;
- case SMB_SIGNING_IF_REQUIRED:
- smb_conn->signing.allow_smb_signing = true;
- break;
- case SMB_SIGNING_REQUIRED:
- smb_conn->signing.allow_smb_signing = true;
- smb_conn->signing.mandatory_signing = true;
- break;
- }
+ smb_conn->signing.allow_smb_signing
+ = lpcfg_server_signing_allowed(smb_conn->lp_ctx,
+ &smb_conn->signing.mandatory_signing);
 return true;
 }
|
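Review bot: smbsrv_init_signing() loses the `smb_panic(__location__)` that used to fire if `SMB_SIGNING_DEFAULT` survived the role-based resolution; the helper it now calls handles that value in the same branch as `SMB_SIGNING_OFF`, so a later change that breaks the resolution would disable signing quietly instead of failing loudly. I would keep the check in lpcfg_server_signing_allowed(), or at least mark the case there with `/* not reached: SMB_SIGNING_DEFAULT is resolved above */`. Separately, `mandatory_signing` is now overwritten on every call (the helper sets it to false first) where the old code only ever set it to true; that looks harmless if smbcli_set_signing_off() already clears it, which is not visible here.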