Add "smb encrypt" parameter. Can be set to "no, yes, required".
authorJeremy Allison <jra@samba.org>
Fri, 28 Dec 2007 00:54:07 +0000 (16:54 -0800)
committerJeremy Allison <jra@samba.org>
Fri, 28 Dec 2007 00:54:07 +0000 (16:54 -0800)
Currently if set required this is not enforced. I'll be adding
that soon.
Jeremy.

source/param/loadparm.c
source/smbd/trans2.c

index 7186d4f075492402901e2dafd911d624809093c6..16e937200983ef6110d816da9925482cdbd9673b 100644 (file)
@@ -472,6 +472,7 @@ typedef struct {
        int iAioWriteSize;
        int iMap_readonly;
        int iDirectoryNameCacheSize;
+       int ismb_encrypt;
        param_opt_struct *param_opt;
 
        char dummy[3];          /* for alignment */
@@ -617,6 +618,7 @@ static service sDefault = {
 #else
        100,                    /* iDirectoryNameCacheSize */
 #endif
+       Auto,                   /* ismb_encrypt */
        NULL,                   /* Parametric options */
 
        ""                      /* dummy */
@@ -1027,6 +1029,7 @@ static struct parm_struct parm_table[] = {
        {"use spnego", P_BOOL, P_GLOBAL, &Globals.bUseSpnego, NULL, NULL, FLAG_ADVANCED}, 
        {"client signing", P_ENUM, P_GLOBAL, &Globals.client_signing, NULL, enum_smb_signing_vals, FLAG_ADVANCED}, 
        {"server signing", P_ENUM, P_GLOBAL, &Globals.server_signing, NULL, enum_smb_signing_vals, FLAG_ADVANCED}, 
+       {"smb encrypt", P_ENUM, P_LOCAL, &sDefault.ismb_encrypt, NULL, enum_smb_signing_vals, FLAG_ADVANCED},
        {"client use spnego", P_BOOL, P_GLOBAL, &Globals.bClientUseSpnego, NULL, NULL, FLAG_ADVANCED}, 
        {"client ldap sasl wrapping", P_ENUM, P_GLOBAL, &Globals.client_ldap_sasl_wrapping, NULL, enum_ldap_sasl_wrapping, FLAG_ADVANCED},
        {"enable asu support", P_BOOL, P_GLOBAL, &Globals.bASUSupport, NULL, NULL, FLAG_ADVANCED}, 
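Review bot: The new `"smb encrypt"` row points at `enum_smb_signing_vals`, so the strings accepted for an encryption setting are defined by the signing table and will change silently whenever that table is edited for signing. The default added to `sDefault` is `Auto`, so a fourth state exists alongside off, on and required, and nothing near this entry says what each state means for a share. A comment above the row would record that, for example `/* smb encrypt: off = never advertise, on/Auto = advertise, Required = advertise as mandatory; shares the signing value table */`. If the two options are expected to diverge, a dedicated enum table for encryption would be cleaner than the shared one.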
@@ -2173,6 +2176,7 @@ FN_LOCAL_INTEGER(lp_aio_read_size, iAioReadSize)
 FN_LOCAL_INTEGER(lp_aio_write_size, iAioWriteSize)
 FN_LOCAL_INTEGER(lp_map_readonly, iMap_readonly)
 FN_LOCAL_INTEGER(lp_directory_name_cache_size, iDirectoryNameCacheSize)
+FN_LOCAL_INTEGER(lp_smb_encrypt, ismb_encrypt)
 FN_LOCAL_CHAR(lp_magicchar, magic_char)
 FN_GLOBAL_INTEGER(lp_winbind_cache_time, &Globals.winbind_cache_time)
 FN_GLOBAL_LIST(lp_winbind_nss_info, &Globals.szWinbindNssInfo)
index 5a8fe41d27d916f837b450b7b7ca34dfe027785e..ee4787199e5f0baa9caaf49e5b5dc2257aff871d 100644 (file)
@@ -2729,11 +2729,27 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
                {
                        bool large_write = lp_min_receive_file_size() &&
                                                !srv_is_signing_active();
+                       int encrypt_caps = 0;
 
                        if (!lp_unix_extensions()) {
                                reply_nterror(req, NT_STATUS_INVALID_LEVEL);
                                return;
                        }
+
+                       switch (lp_smb_encrypt(SNUM(conn))) {
+                       case 0:
+                               encrypt_caps = 0;
+                               break;
+                       case 1:
+                       case Auto:
+                               encrypt_caps = CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP;
+                               break;
+                       case Required:
+                               encrypt_caps = CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP|
+                                               CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP;
+                               break;
+                       }
+
                        data_len = 12;
                        SSVAL(pdata,0,CIFS_UNIX_MAJOR_VERSION);
                        SSVAL(pdata,2,CIFS_UNIX_MINOR_VERSION);
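Review bot: The switch on `lp_smb_encrypt(SNUM(conn))` mixes bare `case 0:` and `case 1:` with the named `Auto` and `Required` and has no `default:`, so an unexpected value leaves `encrypt_caps` at its initial 0 without any trace. For a security-relevant capability, that fallback should be explicit: `default: /* unknown setting: do not advertise encryption */ encrypt_caps = 0; break;`. Writing the first two labels as `case false:` and `case true:` would match the `== false` comparison in the later call_trans2setfsinfo hunk, so both sites spell the off state the same way. The enclosing case body starts and ends outside this hunk.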
@@ -2748,7 +2764,7 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
                                        CIFS_UNIX_EXTATTR_CAP|
                                        CIFS_UNIX_POSIX_PATH_OPERATIONS_CAP|
                                        CIFS_UNIX_LARGE_READ_CAP|
-                                       CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP|
+                                       encrypt_caps|
                                        (large_write ?
                                        CIFS_UNIX_LARGE_WRITE_CAP : 0))));
                        break;
@@ -3016,6 +3032,13 @@ cap_low = 0x%x, cap_high = 0x%x\n",
                                        return;
                                }
 
+                               if (lp_smb_encrypt(SNUM(conn)) == false) {
+                                       reply_nterror(
+                                               req,
+                                               NT_STATUS_NOT_SUPPORTED);
+                                       return;
+                               }
+
                                DEBUG( 4,("call_trans2setfsinfo: "
                                        "request transport encrption.\n"));