Introduce setting "desired" for 'smb encrypt' and 'client/server signing'

author Michael Adam <obnox@samba.org>

Tue, 30 Jun 2015 12:16:19 +0000 (14:16 +0200)

committer Karolin Seeger <kseeger@samba.org>

Sun, 19 Jul 2015 18:13:10 +0000 (20:13 +0200)
author Michael Adam <obnox@samba.org>
Tue, 30 Jun 2015 12:16:19 +0000 (14:16 +0200)
committer Karolin Seeger <kseeger@samba.org>
Sun, 19 Jul 2015 18:13:10 +0000 (20:13 +0200)
diff --git a/lib/param/param_table.c b/lib/param/param_table.c

index d590bd11e4514220c0f977367e0612d0d8312c50..aa1696990bcb952066ee673008909a456965c4bd 100644 (file)
--- a/lib/param/param_table.c
+++ b/lib/param/param_table.c
@@ -101,6 +101,7 @@ static const struct enum_list enum_smb_signing_vals[] = {
         {SMB_SIGNING_IF_REQUIRED, "On"},
         {SMB_SIGNING_IF_REQUIRED, "enabled"},
         {SMB_SIGNING_IF_REQUIRED, "auto"},
+       {SMB_SIGNING_DESIRED, "desired"},
         {SMB_SIGNING_REQUIRED, "required"},
         {SMB_SIGNING_REQUIRED, "mandatory"},
         {SMB_SIGNING_REQUIRED, "force"},
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c

index 0c6a6d29476c61f7f2d2b8f1f141536ca7b7e5bb..5063e591784c5ece4d5365af77c54e2b8077e65f 100644 (file)
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -354,6 +354,12 @@ struct smbXcli_conn *smbXcli_conn_create(TALLOC_CTX *mem_ctx,
                 conn->desire_signing = false;
                 conn->mandatory_signing = false;
                 break;
+       case SMB_SIGNING_DESIRED:
+               /* if the server desires it */
+               conn->allow_signing = true;
+               conn->desire_signing = true;
+               conn->mandatory_signing = false;
+               break;
         case SMB_SIGNING_REQUIRED:
                 /* always */
                 conn->allow_signing = true;
diff --git a/libcli/smb/smb_constants.h b/libcli/smb/smb_constants.h

index 175ffafc4d1c805f664481f5b6e4066897d8825d..6dbaa288e2ec4133abde464d1d3d07dfb51f5555 100644 (file)
--- a/libcli/smb/smb_constants.h
+++ b/libcli/smb/smb_constants.h
@@ -94,6 +94,7 @@ enum smb_signing_setting {
         SMB_SIGNING_DEFAULT = -1,
         SMB_SIGNING_OFF = 0,
         SMB_SIGNING_IF_REQUIRED = 1,
+       SMB_SIGNING_DESIRED = 2,
         SMB_SIGNING_REQUIRED = 3,
  };
  
diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c

index 83cae18bf312e3babd67cf484533e19a33d58fac..6a8f6efc2df8210d5ec46b3ec2838a433c847ebc 100644 (file)
--- a/source4/smb_server/smb2/negprot.c
+++ b/source4/smb_server/smb2/negprot.c
@@ -150,6 +150,7 @@ static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2
         case SMB_SIGNING_OFF:
                 io->out.security_mode = 0;
                 break;
+       case SMB_SIGNING_DESIRED:
         case SMB_SIGNING_IF_REQUIRED:
                 io->out.security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
                 break;
author	Michael Adam <obnox@samba.org>
	Tue, 30 Jun 2015 12:16:19 +0000 (14:16 +0200)
committer	Karolin Seeger <kseeger@samba.org>
	Sun, 19 Jul 2015 18:13:10 +0000 (20:13 +0200)
lib/param/param_table.c		patch \| blob \| history
libcli/smb/smbXcli_base.c		patch \| blob \| history
libcli/smb/smb_constants.h		patch \| blob \| history
source4/smb_server/smb2/negprot.c		patch \| blob \| history