[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-924-gdf7e447

Fri Dec 28 01:06:52 GMT 2007

The branch, v3-2-test has been updated
       via  df7e447623ac03d81bec384f5cfe83c3976cf7b2 (commit)
      from  1e07368b5f96e4ada622682e38d260eb0c6185f2 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test


- Log -----------------------------------------------------------------
commit df7e447623ac03d81bec384f5cfe83c3976cf7b2
Author: Jeremy Allison <jra at samba.org>
Date:   Thu Dec 27 16:54:07 2007 -0800

    Add "smb encrypt" parameter. Can be set to "no, yes, required".
    Currently if set required this is not enforced. I'll be adding
    that soon.
    Jeremy.

-----------------------------------------------------------------------

Summary of changes:
 source/param/loadparm.c |    4 ++++
 source/smbd/trans2.c    |   25 ++++++++++++++++++++++++-
 2 files changed, 28 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/param/loadparm.c b/source/param/loadparm.c
index 7186d4f..16e9372 100644
--- a/source/param/loadparm.c
+++ b/source/param/loadparm.c
@@ -472,6 +472,7 @@ typedef struct {
 	int iAioWriteSize;
 	int iMap_readonly;
 	int iDirectoryNameCacheSize;
+	int ismb_encrypt;
 	param_opt_struct *param_opt;
 
 	char dummy[3];		/* for alignment */
@@ -617,6 +618,7 @@ static service sDefault = {
 #else
 	100,			/* iDirectoryNameCacheSize */
 #endif
+	Auto,			/* ismb_encrypt */
 	NULL,			/* Parametric options */
 
 	""			/* dummy */
@@ -1027,6 +1029,7 @@ static struct parm_struct parm_table[] = {
 	{"use spnego", P_BOOL, P_GLOBAL, &Globals.bUseSpnego, NULL, NULL, FLAG_ADVANCED}, 
 	{"client signing", P_ENUM, P_GLOBAL, &Globals.client_signing, NULL, enum_smb_signing_vals, FLAG_ADVANCED}, 
 	{"server signing", P_ENUM, P_GLOBAL, &Globals.server_signing, NULL, enum_smb_signing_vals, FLAG_ADVANCED}, 
+	{"smb encrypt", P_ENUM, P_LOCAL, &sDefault.ismb_encrypt, NULL, enum_smb_signing_vals, FLAG_ADVANCED},
 	{"client use spnego", P_BOOL, P_GLOBAL, &Globals.bClientUseSpnego, NULL, NULL, FLAG_ADVANCED}, 
 	{"client ldap sasl wrapping", P_ENUM, P_GLOBAL, &Globals.client_ldap_sasl_wrapping, NULL, enum_ldap_sasl_wrapping, FLAG_ADVANCED},
 	{"enable asu support", P_BOOL, P_GLOBAL, &Globals.bASUSupport, NULL, NULL, FLAG_ADVANCED}, 
@@ -2173,6 +2176,7 @@ FN_LOCAL_INTEGER(lp_aio_read_size, iAioReadSize)
 FN_LOCAL_INTEGER(lp_aio_write_size, iAioWriteSize)
 FN_LOCAL_INTEGER(lp_map_readonly, iMap_readonly)
 FN_LOCAL_INTEGER(lp_directory_name_cache_size, iDirectoryNameCacheSize)
+FN_LOCAL_INTEGER(lp_smb_encrypt, ismb_encrypt)
 FN_LOCAL_CHAR(lp_magicchar, magic_char)
 FN_GLOBAL_INTEGER(lp_winbind_cache_time, &Globals.winbind_cache_time)
 FN_GLOBAL_LIST(lp_winbind_nss_info, &Globals.szWinbindNssInfo)
diff --git a/source/smbd/trans2.c b/source/smbd/trans2.c
index 5a8fe41..ee47871 100644
--- a/source/smbd/trans2.c
+++ b/source/smbd/trans2.c
@@ -2729,11 +2729,27 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
 		{
 			bool large_write = lp_min_receive_file_size() &&
 						!srv_is_signing_active();
+			int encrypt_caps = 0;
 
 			if (!lp_unix_extensions()) {
 				reply_nterror(req, NT_STATUS_INVALID_LEVEL);
 				return;
 			}
+
+			switch (lp_smb_encrypt(SNUM(conn))) {
+			case 0:
+				encrypt_caps = 0;
+				break;
+			case 1:
+			case Auto:
+				encrypt_caps = CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP;
+				break;
+			case Required:
+				encrypt_caps = CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP|
+						CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP;
+				break;
+			}
+
 			data_len = 12;
 			SSVAL(pdata,0,CIFS_UNIX_MAJOR_VERSION);
 			SSVAL(pdata,2,CIFS_UNIX_MINOR_VERSION);
@@ -2748,7 +2764,7 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
 					CIFS_UNIX_EXTATTR_CAP|
 					CIFS_UNIX_POSIX_PATH_OPERATIONS_CAP|
 					CIFS_UNIX_LARGE_READ_CAP|
-					CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP|
+					encrypt_caps|
 					(large_write ?
 					CIFS_UNIX_LARGE_WRITE_CAP : 0))));
 			break;
@@ -3016,6 +3032,13 @@ cap_low = 0x%x, cap_high = 0x%x\n",
 					return;
 				}
 
+				if (lp_smb_encrypt(SNUM(conn)) == false) {
+					reply_nterror(
+						req,
+						NT_STATUS_NOT_SUPPORTED);
+					return;
+				}
+
 				DEBUG( 4,("call_trans2setfsinfo: "
 					"request transport encrption.\n"));
 


-- 
Samba Shared Repository
