[SCM] Samba Shared Repository - branch v3-2-test updated -
initial-v3-2-unstable-924-gdf7e447
Jeremy Allison
jra at samba.org
Fri Dec 28 01:06:52 GMT 2007
The branch, v3-2-test has been updated
via df7e447623ac03d81bec384f5cfe83c3976cf7b2 (commit)
from 1e07368b5f96e4ada622682e38d260eb0c6185f2 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test
- Log -----------------------------------------------------------------
commit df7e447623ac03d81bec384f5cfe83c3976cf7b2
Author: Jeremy Allison <jra at samba.org>
Date: Thu Dec 27 16:54:07 2007 -0800
Add "smb encrypt" parameter. Can be set to "no, yes, required".
Currently if set required this is not enforced. I'll be adding
that soon.
Jeremy.
-----------------------------------------------------------------------
Summary of changes:
source/param/loadparm.c | 4 ++++
source/smbd/trans2.c | 25 ++++++++++++++++++++++++-
2 files changed, 28 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/param/loadparm.c b/source/param/loadparm.c
index 7186d4f..16e9372 100644
--- a/source/param/loadparm.c
+++ b/source/param/loadparm.c
@@ -472,6 +472,7 @@ typedef struct {
int iAioWriteSize;
int iMap_readonly;
int iDirectoryNameCacheSize;
+ int ismb_encrypt;
param_opt_struct *param_opt;
char dummy[3]; /* for alignment */
@@ -617,6 +618,7 @@ static service sDefault = {
#else
100, /* iDirectoryNameCacheSize */
#endif
+ Auto, /* ismb_encrypt */
NULL, /* Parametric options */
"" /* dummy */
@@ -1027,6 +1029,7 @@ static struct parm_struct parm_table[] = {
{"use spnego", P_BOOL, P_GLOBAL, &Globals.bUseSpnego, NULL, NULL, FLAG_ADVANCED},
{"client signing", P_ENUM, P_GLOBAL, &Globals.client_signing, NULL, enum_smb_signing_vals, FLAG_ADVANCED},
{"server signing", P_ENUM, P_GLOBAL, &Globals.server_signing, NULL, enum_smb_signing_vals, FLAG_ADVANCED},
+ {"smb encrypt", P_ENUM, P_LOCAL, &sDefault.ismb_encrypt, NULL, enum_smb_signing_vals, FLAG_ADVANCED},
{"client use spnego", P_BOOL, P_GLOBAL, &Globals.bClientUseSpnego, NULL, NULL, FLAG_ADVANCED},
{"client ldap sasl wrapping", P_ENUM, P_GLOBAL, &Globals.client_ldap_sasl_wrapping, NULL, enum_ldap_sasl_wrapping, FLAG_ADVANCED},
{"enable asu support", P_BOOL, P_GLOBAL, &Globals.bASUSupport, NULL, NULL, FLAG_ADVANCED},
@@ -2173,6 +2176,7 @@ FN_LOCAL_INTEGER(lp_aio_read_size, iAioReadSize)
FN_LOCAL_INTEGER(lp_aio_write_size, iAioWriteSize)
FN_LOCAL_INTEGER(lp_map_readonly, iMap_readonly)
FN_LOCAL_INTEGER(lp_directory_name_cache_size, iDirectoryNameCacheSize)
+FN_LOCAL_INTEGER(lp_smb_encrypt, ismb_encrypt)
FN_LOCAL_CHAR(lp_magicchar, magic_char)
FN_GLOBAL_INTEGER(lp_winbind_cache_time, &Globals.winbind_cache_time)
FN_GLOBAL_LIST(lp_winbind_nss_info, &Globals.szWinbindNssInfo)
diff --git a/source/smbd/trans2.c b/source/smbd/trans2.c
index 5a8fe41..ee47871 100644
--- a/source/smbd/trans2.c
+++ b/source/smbd/trans2.c
@@ -2729,11 +2729,27 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
{
bool large_write = lp_min_receive_file_size() &&
!srv_is_signing_active();
+ int encrypt_caps = 0;
if (!lp_unix_extensions()) {
reply_nterror(req, NT_STATUS_INVALID_LEVEL);
return;
}
+
+ switch (lp_smb_encrypt(SNUM(conn))) {
+ case 0:
+ encrypt_caps = 0;
+ break;
+ case 1:
+ case Auto:
+ encrypt_caps = CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP;
+ break;
+ case Required:
+ encrypt_caps = CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP|
+ CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP;
+ break;
+ }
+
data_len = 12;
SSVAL(pdata,0,CIFS_UNIX_MAJOR_VERSION);
SSVAL(pdata,2,CIFS_UNIX_MINOR_VERSION);
@@ -2748,7 +2764,7 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
CIFS_UNIX_EXTATTR_CAP|
CIFS_UNIX_POSIX_PATH_OPERATIONS_CAP|
CIFS_UNIX_LARGE_READ_CAP|
- CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP|
+ encrypt_caps|
(large_write ?
CIFS_UNIX_LARGE_WRITE_CAP : 0))));
break;
@@ -3016,6 +3032,13 @@ cap_low = 0x%x, cap_high = 0x%x\n",
return;
}
+ if (lp_smb_encrypt(SNUM(conn)) == false) {
+ reply_nterror(
+ req,
+ NT_STATUS_NOT_SUPPORTED);
+ return;
+ }
+
DEBUG( 4,("call_trans2setfsinfo: "
"request transport encrption.\n"));
--
Samba Shared Repository
More information about the samba-cvs
mailing list