svn commit: samba r3380 - in branches/SAMBA_4_0/source: include libcli/raw param smb_server

Sat Oct 30 01:22:53 GMT 2004

Author: tridge
Date: 2004-10-30 01:22:52 +0000 (Sat, 30 Oct 2004)
New Revision: 3380

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3380

Log:
- changed the default behaviour of server signing. We now have a default
  setting of "server signing = auto", which means to offer signing
  only if we have domain logons enabled (ie. we are a DC). This is a
  better match for what windows clients want, as unfortunately windows
  clients always use signing if it is offered, and when they use signing
  they not only go slower because of the signing itself, they also
  disable large readx/writex support, so they end up sending very small
  IOs for.

- changed the default max xmit again, this time matching longhorn,
  which uses 12288. That seems to be a fairly good compromise value.

Modified:
   branches/SAMBA_4_0/source/include/smb.h
   branches/SAMBA_4_0/source/libcli/raw/smb_signing.c
   branches/SAMBA_4_0/source/param/loadparm.c
   branches/SAMBA_4_0/source/smb_server/signing.c


Changeset:
Modified: branches/SAMBA_4_0/source/include/smb.h
===================================================================

--- branches/SAMBA_4_0/source/include/smb.h	2004-10-30 00:34:58 UTC (rev 3379)
+++ branches/SAMBA_4_0/source/include/smb.h	2004-10-30 01:22:52 UTC (rev 3380)
@@ -33,7 +33,8 @@
 #define SMB_PORT2 139
 #define SMB_PORTS "445 139"
 
-enum smb_signing_state {SMB_SIGNING_OFF, SMB_SIGNING_SUPPORTED, SMB_SIGNING_REQUIRED};
+enum smb_signing_state {SMB_SIGNING_OFF, SMB_SIGNING_SUPPORTED, 
+			SMB_SIGNING_REQUIRED, SMB_SIGNING_AUTO};
 
 /* deny modes */
 #define DENY_DOS 0

Modified: branches/SAMBA_4_0/source/libcli/raw/smb_signing.c
===================================================================
--- branches/SAMBA_4_0/source/libcli/raw/smb_signing.c	2004-10-30 00:34:58 UTC (rev 3379)
+++ branches/SAMBA_4_0/source/libcli/raw/smb_signing.c	2004-10-30 01:22:52 UTC (rev 3380)
@@ -394,6 +394,7 @@
 		transport->negotiate.sign_info.allow_smb_signing = False;
 		break;
 	case SMB_SIGNING_SUPPORTED:
+	case SMB_SIGNING_AUTO:
 		transport->negotiate.sign_info.allow_smb_signing = True;
 		break;
 	case SMB_SIGNING_REQUIRED:

Modified: branches/SAMBA_4_0/source/param/loadparm.c
===================================================================
--- branches/SAMBA_4_0/source/param/loadparm.c	2004-10-30 00:34:58 UTC (rev 3379)
+++ branches/SAMBA_4_0/source/param/loadparm.c	2004-10-30 01:22:52 UTC (rev 3380)
@@ -198,8 +198,8 @@
 	BOOL bLanmanAuth;
 	BOOL bNTLMAuth;
 	BOOL bUseSpnego;
-	BOOL server_signing;
-	BOOL client_signing;
+	int  server_signing;
+	int  client_signing;
 	BOOL bClientLanManAuth;
 	BOOL bClientNTLMv2Auth;
 	BOOL bHostMSDfs;
@@ -456,12 +456,12 @@
 	{SMB_SIGNING_SUPPORTED, "1"},
 	{SMB_SIGNING_SUPPORTED, "On"},
 	{SMB_SIGNING_SUPPORTED, "enabled"},
-	{SMB_SIGNING_SUPPORTED, "auto"},
 	{SMB_SIGNING_REQUIRED, "required"},
 	{SMB_SIGNING_REQUIRED, "mandatory"},
 	{SMB_SIGNING_REQUIRED, "force"},
 	{SMB_SIGNING_REQUIRED, "forced"},
 	{SMB_SIGNING_REQUIRED, "enforced"},
+	{SMB_SIGNING_AUTO, "auto"},
 	{-1, NULL}
 };
 
@@ -939,7 +939,7 @@
 	do_parameter("load printers", "True");
 
 	do_parameter("max mux", "50");
-	do_parameter("max xmit", "65535");
+	do_parameter("max xmit", "12288");
 	do_parameter("lpqcachetime", "10");
 	do_parameter("DisableSpoolss", "False");
 	do_parameter("password level", "0");
@@ -1006,7 +1006,7 @@
 	do_parameter("name cache timeout", "660"); /* In seconds */
 
 	do_parameter("client signing", "Yes");
-	do_parameter("server signing", "Yes");
+	do_parameter("server signing", "auto");
 
 	do_parameter("use spnego", "True");
 

Modified: branches/SAMBA_4_0/source/smb_server/signing.c
===================================================================
--- branches/SAMBA_4_0/source/smb_server/signing.c	2004-10-30 00:34:58 UTC (rev 3379)
+++ branches/SAMBA_4_0/source/smb_server/signing.c	2004-10-30 01:22:52 UTC (rev 3380)
@@ -110,6 +110,13 @@
 		smb_conn->signing.allow_smb_signing = True;
 		smb_conn->signing.mandatory_signing = True;
 		break;
+	case SMB_SIGNING_AUTO:
+		if (lp_domain_logons()) {
+			smb_conn->signing.allow_smb_signing = True;
+		} else {
+			smb_conn->signing.allow_smb_signing = False;
+		}
+		break;
 	}
 	return True;
 }

