[SCM] Samba Shared Repository - branch master updated
Stefan Metzmacher
metze at samba.org
Thu Nov 3 11:34:02 MDT 2011
The branch, master has been updated
via 05d3a6f s3:param: change default of "* signing" to "default"
via caa1346 s3:smbd: make use of SMB_SIGNING_* constants
via 7de6949 s3:libsmb: make use of SMB_SIGNING_* constants
via b3f126b s3:lib: make use of SMB_SIGNING_* constants
via a7051df s3:libsmb: make use of SMB_SIGNING_* constants
via 1b04e54 s3:libsmb: s/Undefined/SMB_SIGNING_DEFAULT/
via 59dcdfd s3:torture: s/Undefined/SMB_SIGNING_DEFAULT/ s/Required/SMB_SIGNING_REQUIRED/
via 784cf12 s3:lib: s/Undefined/SMB_SIGNING_DEFAULT/
via 19eaaa8 s3:lib/netapi: s/Undefined/SMB_SIGNING_DEFAULT/
via 07cd85f s3:libnet: s/Undefined/SMB_SIGNING_DEFAULT/
via 6db6703 s3:winbindd: s/Undefined/SMB_SIGNING_DEFAULT/
via c4fecca s3:web: s/Undefined/SMB_SIGNING_DEFAULT/
via 92a6f57 s3:utils: s/Undefined/SMB_SIGNING_DEFAULT/
via f61fb18 s3:nmbd: s/Undefined/SMB_SIGNING_DEFAULT/
via 2202c3c s3:auth: s/Undefined/SMB_SIGNING_DEFAULT/
via ff66e52 s3:client: s/Undefined/SMB_SIGNING_DEFAULT/
via 4d89983 s3:param: make use of SMB_SIGNING_* constants
via 22344f3 libcli/smb: use the same values for SMB_SIGNING_* as the source3 code uses
via 812c3dc libcli/smb: remove unused SMB_SIGNING_SUPPORTED
via beb5687 s4:smb_server: s/SMB_SIGNING_SUPPORTED/SMB_SIGNING_IF_REQUIRED/
via f072749 s4:libcli/smb2: s/SMB_SIGNING_SUPPORTED/SMB_SIGNING_IF_REQUIRED/
via 2d55bfd s4:libcli/raw: s/SMB_SIGNING_SUPPORTED/SMB_SIGNING_IF_REQUIRED/
via 4d81938 lib/param: use SMB_SIGNING_IF_REQUIRED instead of SMB_SIGNING_SUPPORTED
via a4ac06a libcli/smb: add SMB_SIGNING_IF_REQUIRED as replacement for SMB_SIGNING_SUPPORTED
via feace94 libcli/smb: SMB_SIGNING_AUTO is no longer used
via 01ccd59 s4:libcli/smb2: remove unused SMB_SIGNING_AUTO handling
via 4fe0e82 s4:libcli/raw: remove unused SMB_SIGNING_AUTO handling
via 53c926c lib/param: map "* signing = auto" to SMB_SIGNING_SUPPORTED
via 71959d5 s4:smb_server: change the default for "server signing" to "default"
via 908550f lib/param: change the default for "client signing" to "default"
via 22902ef s4:libcli/smb2: SMB_SIGNING_DEFAULT matches SMB_SIGNING_SUPPORTED on the client for now
via 0789fbf s4:libcli/raw: SMB_SIGNING_DEFAULT matches SMB_SIGNING_SUPPORTED on the client for now
via 18205ac libcli/smb: add SMB_SIGNING_DEFAULT
via ebb9d4d s4:smb_server/smb2: add the same SMB_SIGNING_AUTO logic as for smb1
via aa70b7e selftest/Samba4: use "server signing = on" for now
via 716da10 s4:smb_server/smb: make the SMB_SIGNING_AUTO behavior a bit easier to follow
via 44d7774 s3:param: the behavior of "client/server signing = auto" is the same as "true"
via f293438 s4:libcli/smb2: let SMB_SIGNING_AUTO behave like SMB_SIGNING_SUPPORTED
via 418908e s4:libcli/raw: only use smb signing if required
via 09fe037 s3:libsmb: restore the 3.6.x behavior signing config parameters
from fe6913a samba-tool: Fix short description and error msgs in domain level
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 05d3a6f2192f85ee8b7db046f54f918810ebd84c
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 19:08:54 2011 +0100
s3:param: change default of "* signing" to "default"
This should not change the bahavior.
metze
Autobuild-User: Stefan Metzmacher <metze at samba.org>
Autobuild-Date: Thu Nov 3 18:33:34 CET 2011 on sn-devel-104
commit caa134672c053f56360ef602b7f8b9d66b216ad3
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 19:07:45 2011 +0100
s3:smbd: make use of SMB_SIGNING_* constants
metze
commit 7de694974eb234ed45f907196f6415da998b23da
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 18:55:55 2011 +0100
s3:libsmb: make use of SMB_SIGNING_* constants
metze
commit b3f126b44cdffa9773d99a765a07a186997c9906
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 19:00:57 2011 +0100
s3:lib: make use of SMB_SIGNING_* constants
metze
commit a7051dfcff9b739db91040b315b1892edecbf795
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 18:55:55 2011 +0100
s3:libsmb: make use of SMB_SIGNING_* constants
metze
commit 1b04e54b57150297e2b2cbbed6edf3da041ad938
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 18:41:50 2011 +0100
s3:libsmb: s/Undefined/SMB_SIGNING_DEFAULT/
metze
commit 59dcdfd17502ecf15ddae26d220fbc1d480625c8
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 18:41:50 2011 +0100
s3:torture: s/Undefined/SMB_SIGNING_DEFAULT/ s/Required/SMB_SIGNING_REQUIRED/
metze
commit 784cf12fb1bd2c81ab59695c90f663803f8e0079
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 18:41:50 2011 +0100
s3:lib: s/Undefined/SMB_SIGNING_DEFAULT/
metze
commit 19eaaa803028750fdfe8ef6bd77bc1942f364a16
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 18:41:50 2011 +0100
s3:lib/netapi: s/Undefined/SMB_SIGNING_DEFAULT/
metze
commit 07cd85fd8b6819cb036c8b9f47d06ecc1b6b1db1
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 18:41:50 2011 +0100
s3:libnet: s/Undefined/SMB_SIGNING_DEFAULT/
metze
commit 6db670386b21c063ead76cdbf8cca6c2770079c2
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 18:41:50 2011 +0100
s3:winbindd: s/Undefined/SMB_SIGNING_DEFAULT/
metze
commit c4fecca26157993ea75448a6e9d60a8f6b23cb0f
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 18:41:50 2011 +0100
s3:web: s/Undefined/SMB_SIGNING_DEFAULT/
metze
commit 92a6f577ce1f3a14ff11d5320a0fe54ec0d947ca
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 18:41:50 2011 +0100
s3:utils: s/Undefined/SMB_SIGNING_DEFAULT/
metze
commit f61fb18e0a1ad3217075adc97e4f058d334480e4
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 18:41:50 2011 +0100
s3:nmbd: s/Undefined/SMB_SIGNING_DEFAULT/
metze
commit 2202c3ce0231f449ae6cb1443c1b6c9e90af7709
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 18:41:50 2011 +0100
s3:auth: s/Undefined/SMB_SIGNING_DEFAULT/
metze
commit ff66e521e0edf44c194c59c7c99240ae400f1651
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 18:41:50 2011 +0100
s3:client: s/Undefined/SMB_SIGNING_DEFAULT/
metze
commit 4d8998302c6bb821bfb3a42d40c4c429211d6da8
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 18:34:27 2011 +0100
s3:param: make use of SMB_SIGNING_* constants
metze
commit 22344f3e03e89f6e666c38157c9356cf8a99c08e
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 18:21:49 2011 +0100
libcli/smb: use the same values for SMB_SIGNING_* as the source3 code uses
The source3 code currently uses:
#define Undefined (-1)
#define False false
#define True true
#define Required (3)
In order to make the rewrite easier we should match the values.
metze
commit 812c3dc80a8c5f05f4e17af3c0cb4507a57703e0
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 18:19:18 2011 +0100
libcli/smb: remove unused SMB_SIGNING_SUPPORTED
metze
commit beb5687e9eacbcdf7acc762a0b5f424045ef05ae
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 18:16:01 2011 +0100
s4:smb_server: s/SMB_SIGNING_SUPPORTED/SMB_SIGNING_IF_REQUIRED/
metze
commit f07274978ab8d52d8d3cea1659fe07cc362c9dc5
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 18:16:01 2011 +0100
s4:libcli/smb2: s/SMB_SIGNING_SUPPORTED/SMB_SIGNING_IF_REQUIRED/
metze
commit 2d55bfd8dec673f961567a5a09a74d79130db978
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 18:16:01 2011 +0100
s4:libcli/raw: s/SMB_SIGNING_SUPPORTED/SMB_SIGNING_IF_REQUIRED/
metze
commit 4d819389f2d8a40ce928d7211ec1d0054037acad
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 18:13:45 2011 +0100
lib/param: use SMB_SIGNING_IF_REQUIRED instead of SMB_SIGNING_SUPPORTED
metze
commit a4ac06a4bef15b050092fad9eab6ccd9fa02f9b6
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 18:11:51 2011 +0100
libcli/smb: add SMB_SIGNING_IF_REQUIRED as replacement for SMB_SIGNING_SUPPORTED
metze
commit feace943d564ac88445f033d7f94d31a52a3bf57
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 18:10:17 2011 +0100
libcli/smb: SMB_SIGNING_AUTO is no longer used
metze
commit 01ccd59ce03c96f7999cd5639215fbc6c669f204
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 18:09:23 2011 +0100
s4:libcli/smb2: remove unused SMB_SIGNING_AUTO handling
metze
commit 4fe0e828af8425d1927eb19e7224e7174dd08c2c
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 18:09:23 2011 +0100
s4:libcli/raw: remove unused SMB_SIGNING_AUTO handling
metze
commit 53c926c1ebc1e887dff408fe72705d22b8aa0d82
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 18:06:12 2011 +0100
lib/param: map "* signing = auto" to SMB_SIGNING_SUPPORTED
metze
commit 71959d5e1ff0e524877081268ea4028e9cbbf9ed
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 18:03:24 2011 +0100
s4:smb_server: change the default for "server signing" to "default"
metze
commit 908550f3c27c69d1a7f405a03bac86d985201670
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 18:03:24 2011 +0100
lib/param: change the default for "client signing" to "default"
metze
commit 22902ef9b87648c21cbc753d2f63d0093b1f15d3
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 17:59:54 2011 +0100
s4:libcli/smb2: SMB_SIGNING_DEFAULT matches SMB_SIGNING_SUPPORTED on the client for now
metze
commit 0789fbf697d4aaa2f063ab82a3e06d781fd3dec9
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 17:59:54 2011 +0100
s4:libcli/raw: SMB_SIGNING_DEFAULT matches SMB_SIGNING_SUPPORTED on the client for now
metze
commit 18205ac7adfa4674ee6bfebbcf01bb862c3473b2
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 17:25:45 2011 +0100
libcli/smb: add SMB_SIGNING_DEFAULT
metze
commit ebb9d4dc542eefbad8bb3d36e3b0ddb65402e192
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 17:50:23 2011 +0100
s4:smb_server/smb2: add the same SMB_SIGNING_AUTO logic as for smb1
metze
commit aa70b7e0fcafbc92dd779e42dcc5ed55f4035bcf
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Nov 3 07:34:30 2011 +0100
selftest/Samba4: use "server signing = on" for now
Otherwise the smb2.compound test fails as it doesn't work
with signing yet.
metze
commit 716da104987293ea84035c50d5beae35081ea756
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 17:48:45 2011 +0100
s4:smb_server/smb: make the SMB_SIGNING_AUTO behavior a bit easier to follow
The prepares a future change to SMB_SIGNING_DEFAULT.
metze
commit 44d7774a1816da7ce02dadc98535fd67a10905ca
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 17:30:34 2011 +0100
s3:param: the behavior of "client/server signing = auto" is the same as "true"
So remove the special case for 'Auto'.
metze
commit f293438abdfb2f84df6a8c0b6f4bf1c02063e97b
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 17:21:03 2011 +0100
s4:libcli/smb2: let SMB_SIGNING_AUTO behave like SMB_SIGNING_SUPPORTED
This matches the smb1 behavior.
metze
commit 418908eb21fa8c6b36addd26e89f521fa77c745b
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 17:02:03 2011 +0100
s4:libcli/raw: only use smb signing if required
This matches the source3 code, I want to have the behavior
in common before I put the config options in common.
Later we may change this consitently in all code.
metze
commit 09fe037b649edf4c58ec6a4f398af566c6a81fde
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 15:43:54 2011 +0100
s3:libsmb: restore the 3.6.x behavior signing config parameters
metze
-----------------------------------------------------------------------
Summary of changes:
lib/param/loadparm.c | 18 +++++++------
libcli/smb/smb_constants.h | 7 ++++-
selftest/target/Samba4.pm | 4 +++
source3/auth/auth_domain.c | 2 +-
source3/auth/auth_server.c | 3 +-
source3/client/client.c | 2 +-
source3/client/smbspool.c | 2 +-
source3/lib/netapi/cm.c | 2 +-
source3/lib/util_cmdline.c | 11 ++++----
source3/libnet/libnet_join.c | 6 ++--
source3/libsmb/cliconnect.c | 2 +-
source3/libsmb/clientgen.c | 17 ++++---------
source3/libsmb/libsmb_context.c | 8 +++---
source3/libsmb/libsmb_server.c | 6 ++--
source3/libsmb/passchange.c | 2 +-
source3/libsmb/trusts_util.c | 2 +-
source3/nmbd/nmbd_synclists.c | 4 +-
source3/param/loadparm.c | 38 +++++++++++++++-------------
source3/smbd/negprot.c | 9 ++++---
source3/smbd/signing.c | 9 +++----
source3/smbd/smb2_negprot.c | 2 +-
source3/smbd/smb2_sesssetup.c | 4 +-
source3/torture/locktest.c | 2 +-
source3/torture/locktest2.c | 2 +-
source3/torture/masktest.c | 4 +-
source3/torture/torture.c | 8 +++---
source3/utils/net_ads.c | 2 +-
source3/utils/net_rpc.c | 3 +-
source3/utils/net_time.c | 2 +-
source3/utils/net_util.c | 7 +++--
source3/utils/netlookup.c | 2 +-
source3/web/diagnose.c | 2 +-
source3/winbindd/winbindd_cm.c | 2 +-
source4/libcli/raw/smb_signing.c | 8 +++---
source4/libcli/smb2/connect.c | 14 +++-------
source4/smb_server/smb/signing.c | 49 ++++++++++++++++++++++---------------
source4/smb_server/smb2/negprot.c | 32 ++++++++++++++++++++++--
37 files changed, 168 insertions(+), 131 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 4274e9b..e8993a2 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -142,22 +142,24 @@ static const struct enum_list enum_csc_policy[] = {
/* SMB signing types. */
static const struct enum_list enum_smb_signing_vals[] = {
+ {SMB_SIGNING_DEFAULT, "default"},
{SMB_SIGNING_OFF, "No"},
{SMB_SIGNING_OFF, "False"},
{SMB_SIGNING_OFF, "0"},
{SMB_SIGNING_OFF, "Off"},
{SMB_SIGNING_OFF, "disabled"},
- {SMB_SIGNING_SUPPORTED, "Yes"},
- {SMB_SIGNING_SUPPORTED, "True"},
- {SMB_SIGNING_SUPPORTED, "1"},
- {SMB_SIGNING_SUPPORTED, "On"},
- {SMB_SIGNING_SUPPORTED, "enabled"},
+ {SMB_SIGNING_IF_REQUIRED, "if_required"},
+ {SMB_SIGNING_IF_REQUIRED, "Yes"},
+ {SMB_SIGNING_IF_REQUIRED, "True"},
+ {SMB_SIGNING_IF_REQUIRED, "1"},
+ {SMB_SIGNING_IF_REQUIRED, "On"},
+ {SMB_SIGNING_IF_REQUIRED, "enabled"},
+ {SMB_SIGNING_IF_REQUIRED, "auto"},
{SMB_SIGNING_REQUIRED, "required"},
{SMB_SIGNING_REQUIRED, "mandatory"},
{SMB_SIGNING_REQUIRED, "force"},
{SMB_SIGNING_REQUIRED, "forced"},
{SMB_SIGNING_REQUIRED, "enforced"},
- {SMB_SIGNING_AUTO, "auto"},
{-1, NULL}
};
@@ -3380,8 +3382,8 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
lpcfg_do_global_parameter(lp_ctx, "template homedir", "/home/%WORKGROUP%/%ACCOUNTNAME%");
lpcfg_do_global_parameter(lp_ctx, "idmap trusted only", "False");
- lpcfg_do_global_parameter(lp_ctx, "client signing", "Yes");
- lpcfg_do_global_parameter(lp_ctx, "server signing", "auto");
+ lpcfg_do_global_parameter(lp_ctx, "client signing", "default");
+ lpcfg_do_global_parameter(lp_ctx, "server signing", "default");
lpcfg_do_global_parameter(lp_ctx, "use spnego", "True");
diff --git a/libcli/smb/smb_constants.h b/libcli/smb/smb_constants.h
index e7898f8..7c4620a 100644
--- a/libcli/smb/smb_constants.h
+++ b/libcli/smb/smb_constants.h
@@ -88,8 +88,11 @@ enum protocol_types {
};
enum smb_signing_setting {
- SMB_SIGNING_OFF, SMB_SIGNING_SUPPORTED,
- SMB_SIGNING_REQUIRED, SMB_SIGNING_AUTO};
+ SMB_SIGNING_DEFAULT = -1,
+ SMB_SIGNING_OFF = 0,
+ SMB_SIGNING_IF_REQUIRED = 1,
+ SMB_SIGNING_REQUIRED = 3,
+};
/* types of buffers in core SMB protocol */
#define SMB_DATA_BLOCK 0x1
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 506bbee..029629d 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -616,6 +616,10 @@ sub provision_raw_step1($$)
dreplsrv:periodic_startup_interval = 0
passdb backend = samba4
+
+ # remove this again, when our smb2 client library
+ # supports signin on compound related requests
+ server signing = on
";
if (defined($ctx->{sid_generator}) && $ctx->{sid_generator} ne "internal") {
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index a4e798e..696b18b 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -147,7 +147,7 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli,
/* Attempt connection */
result = cli_full_connection(cli, lp_netbios_name(), dc_name, dc_ss, 0,
- "IPC$", "IPC", "", "", "", 0, Undefined);
+ "IPC$", "IPC", "", "", "", 0, SMB_SIGNING_DEFAULT);
if (!NT_STATUS_IS_OK(result)) {
/* map to something more useful */
diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c
index 8a9e5cd..3bd69cd 100644
--- a/source3/auth/auth_server.c
+++ b/source3/auth/auth_server.c
@@ -88,7 +88,8 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx)
}
status = cli_connect_nb(desthost, &dest_ss, 0, 0x20,
- lp_netbios_name(), Undefined, flags, &cli);
+ lp_netbios_name(), SMB_SIGNING_DEFAULT,
+ flags, &cli);
if (NT_STATUS_IS_OK(status)) {
DEBUG(3,("connected to password server %s\n",desthost));
connected_ok = True;
diff --git a/source3/client/client.c b/source3/client/client.c
index beb3dca..f06b241 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -5230,7 +5230,7 @@ static int do_message_op(struct user_auth_info *a_info)
status = cli_connect_nb(desthost, have_ip ? &dest_ss : NULL,
port ? port : 139, name_type,
- lp_netbios_name(), Undefined, 0, &cli);
+ lp_netbios_name(), SMB_SIGNING_DEFAULT, 0, &cli);
if (!NT_STATUS_IS_OK(status)) {
d_printf("Connection to %s failed. Error %s\n", desthost, nt_errstr(status));
return 1;
diff --git a/source3/client/smbspool.c b/source3/client/smbspool.c
index 0be8d51..b7955ee 100644
--- a/source3/client/smbspool.c
+++ b/source3/client/smbspool.c
@@ -402,7 +402,7 @@ smb_complete_connection(const char *myname,
/* Start the SMB connection */
*need_auth = false;
nt_status = cli_start_connection(&cli, myname, server, NULL, port,
- Undefined, flags);
+ SMB_SIGNING_DEFAULT, flags);
if (!NT_STATUS_IS_OK(nt_status)) {
fprintf(stderr, "ERROR: Connection failed: %s\n", nt_errstr(nt_status));
return NULL;
diff --git a/source3/lib/netapi/cm.c b/source3/lib/netapi/cm.c
index 251e98c..e1e7a41 100644
--- a/source3/lib/netapi/cm.c
+++ b/source3/lib/netapi/cm.c
@@ -87,7 +87,7 @@ static WERROR libnetapi_open_ipc_connection(struct libnetapi_ctx *ctx,
if (!auth_info) {
return WERR_NOMEM;
}
- auth_info->signing_state = Undefined;
+ auth_info->signing_state = SMB_SIGNING_DEFAULT;
set_cmdline_auth_info_use_kerberos(auth_info, ctx->use_kerberos);
set_cmdline_auth_info_username(auth_info, ctx->username);
if (ctx->password) {
diff --git a/source3/lib/util_cmdline.c b/source3/lib/util_cmdline.c
index 81b158e..9fbdf77 100644
--- a/source3/lib/util_cmdline.c
+++ b/source3/lib/util_cmdline.c
@@ -39,7 +39,7 @@ struct user_auth_info *user_auth_info_init(TALLOC_CTX *mem_ctx)
return NULL;
}
- result->signing_state = Undefined;
+ result->signing_state = SMB_SIGNING_DEFAULT;
return result;
}
@@ -104,16 +104,17 @@ void set_cmdline_auth_info_password(struct user_auth_info *auth_info,
bool set_cmdline_auth_info_signing_state(struct user_auth_info *auth_info,
const char *arg)
{
- auth_info->signing_state = -1;
+ auth_info->signing_state = SMB_SIGNING_DEFAULT;
if (strequal(arg, "off") || strequal(arg, "no") ||
strequal(arg, "false")) {
- auth_info->signing_state = false;
+ auth_info->signing_state = SMB_SIGNING_OFF;
} else if (strequal(arg, "on") || strequal(arg, "yes") ||
+ strequal(arg, "if_required") ||
strequal(arg, "true") || strequal(arg, "auto")) {
- auth_info->signing_state = true;
+ auth_info->signing_state = SMB_SIGNING_IF_REQUIRED;
} else if (strequal(arg, "force") || strequal(arg, "required") ||
strequal(arg, "forced")) {
- auth_info->signing_state = Required;
+ auth_info->signing_state = SMB_SIGNING_REQUIRED;
} else {
return false;
}
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 757225f..5a36d34 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -699,7 +699,7 @@ static NTSTATUS libnet_join_connect_dc_ipc(const char *dc,
NULL,
pass,
flags,
- Undefined);
+ SMB_SIGNING_DEFAULT);
}
/****************************************************************
@@ -1179,7 +1179,7 @@ NTSTATUS libnet_join_ok(const char *netbios_domain_name,
NULL,
machine_password,
0,
- Undefined);
+ SMB_SIGNING_DEFAULT);
free(machine_account);
free(machine_password);
@@ -1192,7 +1192,7 @@ NTSTATUS libnet_join_ok(const char *netbios_domain_name,
NULL,
"",
0,
- Undefined);
+ SMB_SIGNING_DEFAULT);
}
if (!NT_STATUS_IS_OK(status)) {
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 391903b..049763f 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -3213,7 +3213,7 @@ struct cli_state *get_ipc_connect(char *server,
lp_workgroup(),
user_info->password ? user_info->password : "",
flags,
- Undefined);
+ SMB_SIGNING_DEFAULT);
if (NT_STATUS_IS_OK(nt_status)) {
return cli;
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index 117fc99..db980a4 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -236,32 +236,25 @@ struct cli_state *cli_state_create(TALLOC_CTX *mem_ctx,
use_level_II_oplocks = true;
}
- if (signing_state == Undefined) {
+ if (signing_state == SMB_SIGNING_DEFAULT) {
signing_state = lp_client_signing();
}
switch (signing_state) {
- case false:
+ case SMB_SIGNING_OFF:
/* never */
allow_smb_signing = false;
desire_smb_signing = false;
mandatory_signing = false;
break;
- case true:
- /* if the server supports it */
- allow_smb_signing = true;
- desire_smb_signing = true;
- mandatory_signing = false;
- break;
default:
- case Undefined:
- case Auto:
- /* if the server requires it */
+ case SMB_SIGNING_DEFAULT:
+ case SMB_SIGNING_IF_REQUIRED:
allow_smb_signing = true;
desire_smb_signing = false;
mandatory_signing = false;
break;
- case Required:
+ case SMB_SIGNING_REQUIRED:
/* always */
allow_smb_signing = true;
desire_smb_signing = true;
diff --git a/source3/libsmb/libsmb_context.c b/source3/libsmb/libsmb_context.c
index 978fac9..6c78cb9 100644
--- a/source3/libsmb/libsmb_context.c
+++ b/source3/libsmb/libsmb_context.c
@@ -739,12 +739,12 @@ void smbc_set_credentials_with_fallback(SMBCCTX *context,
use_kerberos = True;
}
- if (lp_client_signing()) {
- signing_state = "on";
+ if (lp_client_signing() != SMB_SIGNING_OFF) {
+ signing_state = "if_required";
}
- if (lp_client_signing() == Required) {
- signing_state = "force";
+ if (lp_client_signing() == SMB_SIGNING_REQUIRED) {
+ signing_state = "required";
}
set_cmdline_auth_info_username(auth_info, user);
diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c
index 0af9798..deac46a 100644
--- a/source3/libsmb/libsmb_server.c
+++ b/source3/libsmb/libsmb_server.c
@@ -420,7 +420,7 @@ SMBC_server_internal(TALLOC_CTX *ctx,
*/
status = cli_connect_nb(server_n, NULL, 139, 0x20,
smbc_getNetbiosName(context),
- Undefined, flags, &c);
+ SMB_SIGNING_DEFAULT, flags, &c);
}
if (!NT_STATUS_IS_OK(status)) {
@@ -429,7 +429,7 @@ SMBC_server_internal(TALLOC_CTX *ctx,
*/
status = cli_connect_nb(server_n, NULL, 0, 0x20,
smbc_getNetbiosName(context),
- Undefined, flags, &c);
+ SMB_SIGNING_DEFAULT, flags, &c);
}
if (!NT_STATUS_IS_OK(status)) {
@@ -735,7 +735,7 @@ SMBC_attr_server(TALLOC_CTX *ctx,
*pp_workgroup,
*pp_password,
flags,
- Undefined);
+ SMB_SIGNING_DEFAULT);
if (! NT_STATUS_IS_OK(nt_status)) {
DEBUG(1,("cli_full_connection failed! (%s)\n",
nt_errstr(nt_status)));
diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c
index 58997e4..b959bcd 100644
--- a/source3/libsmb/passchange.c
+++ b/source3/libsmb/passchange.c
@@ -56,7 +56,7 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam
*err_str = NULL;
result = cli_connect_nb(remote_machine, NULL, 0, 0x20, NULL,
- Undefined, 0, &cli);
+ SMB_SIGNING_DEFAULT, 0, &cli);
if (!NT_STATUS_IS_OK(result)) {
if (asprintf(err_str, "Unable to connect to SMB server on "
"machine %s. Error was : %s.\n",
diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c
index 8305425..be1f1f8 100644
--- a/source3/libsmb/trusts_util.c
+++ b/source3/libsmb/trusts_util.c
@@ -167,7 +167,7 @@ NTSTATUS change_trust_account_password( const char *domain, const char *remote_m
NULL, 0,
"IPC$", "IPC",
"", "",
- "", 0, Undefined))) {
+ "", 0, SMB_SIGNING_DEFAULT))) {
DEBUG(0,("modify_trust_password: Connection to %s failed!\n", dc_name));
nt_status = NT_STATUS_UNSUCCESSFUL;
goto failed;
diff --git a/source3/nmbd/nmbd_synclists.c b/source3/nmbd/nmbd_synclists.c
index 7a256a3..cc0068b 100644
--- a/source3/nmbd/nmbd_synclists.c
+++ b/source3/nmbd/nmbd_synclists.c
@@ -82,8 +82,8 @@ static void sync_child(char *name, int nm_type,
in_addr_to_sockaddr_storage(&ss, ip);
status = cli_connect_nb(name, &ss, 139, nm_type,
- get_local_machine_name(), Undefined, 0,
- &cli);
+ get_local_machine_name(), SMB_SIGNING_DEFAULT,
+ 0, &cli);
if (!NT_STATUS_IS_OK(status)) {
return;
}
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 407ef68..36e35e8 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -435,22 +435,24 @@ static const struct enum_list enum_csc_policy[] = {
/* SMB signing types. */
static const struct enum_list enum_smb_signing_vals[] = {
- {false, "No"},
- {false, "False"},
- {false, "0"},
- {false, "Off"},
- {false, "disabled"},
- {true, "Yes"},
- {true, "True"},
- {true, "1"},
- {true, "On"},
- {true, "enabled"},
- {Auto, "auto"},
- {Required, "required"},
- {Required, "mandatory"},
- {Required, "force"},
- {Required, "forced"},
- {Required, "enforced"},
+ {SMB_SIGNING_DEFAULT, "default"},
+ {SMB_SIGNING_OFF, "No"},
+ {SMB_SIGNING_OFF, "False"},
+ {SMB_SIGNING_OFF, "0"},
+ {SMB_SIGNING_OFF, "Off"},
+ {SMB_SIGNING_OFF, "disabled"},
+ {SMB_SIGNING_IF_REQUIRED, "if_required"},
+ {SMB_SIGNING_IF_REQUIRED, "Yes"},
+ {SMB_SIGNING_IF_REQUIRED, "True"},
+ {SMB_SIGNING_IF_REQUIRED, "1"},
+ {SMB_SIGNING_IF_REQUIRED, "On"},
+ {SMB_SIGNING_IF_REQUIRED, "enabled"},
+ {SMB_SIGNING_IF_REQUIRED, "auto"},
+ {SMB_SIGNING_REQUIRED, "required"},
+ {SMB_SIGNING_REQUIRED, "mandatory"},
+ {SMB_SIGNING_REQUIRED, "force"},
+ {SMB_SIGNING_REQUIRED, "forced"},
+ {SMB_SIGNING_REQUIRED, "enforced"},
{-1, NULL}
};
@@ -4978,8 +4980,8 @@ static void init_globals(bool reinit_globals)
Globals.bUseSpnego = true;
Globals.bClientUseSpnego = true;
- Globals.client_signing = Auto;
- Globals.server_signing = false;
+ Globals.client_signing = SMB_SIGNING_DEFAULT;
+ Globals.server_signing = SMB_SIGNING_DEFAULT;
Globals.bDeferSharingViolations = true;
string_set(&Globals.smb_ports, SMB_PORTS);
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index a0ed52d..3afa8b1 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -368,16 +368,16 @@ static void reply_nt1(struct smb_request *req, uint16 choice)
secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
}
- if (lp_server_signing()) {
+ if (lp_server_signing() != SMB_SIGNING_OFF) {
if (lp_security() >= SEC_USER) {
secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED;
/* No raw mode with smb signing. */
capabilities &= ~CAP_RAW_MODE;
- if (lp_server_signing() == Required)
+ if (lp_server_signing() == SMB_SIGNING_REQUIRED)
secword |=NEGOTIATE_SECURITY_SIGNATURES_REQUIRED;
} else {
DEBUG(0,("reply_nt1: smb signing is incompatible with share level security !\n"));
- if (lp_server_signing() == Required) {
+ if (lp_server_signing() == SMB_SIGNING_REQUIRED) {
exit_server_cleanly("reply_nt1: smb signing required and share level security selected.");
}
}
@@ -736,7 +736,8 @@ void reply_negprot(struct smb_request *req)
DEBUG( 5, ( "negprot index=%d\n", choice ) );
- if ((lp_server_signing() == Required) && (get_Protocol() < PROTOCOL_NT1)) {
+ if ((lp_server_signing() == SMB_SIGNING_REQUIRED)
+ && (get_Protocol() < PROTOCOL_NT1)) {
exit_server_cleanly("SMB signing is required and "
"client negotiated a downlevel protocol");
}
diff --git a/source3/smbd/signing.c b/source3/smbd/signing.c
index 8e08ae9..8e4c50f 100644
--- a/source3/smbd/signing.c
+++ b/source3/smbd/signing.c
@@ -161,14 +161,13 @@ bool srv_init_signing(struct smbd_server_connection *conn)
bool mandatory = false;
switch (lp_server_signing()) {
- case Required:
+ case SMB_SIGNING_REQUIRED:
mandatory = true;
break;
- case Auto:
+ case SMB_SIGNING_IF_REQUIRED:
break;
- case True:
- break;
- case False:
+ case SMB_SIGNING_DEFAULT:
+ case SMB_SIGNING_OFF:
allowed = false;
break;
}
diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c
index 1733728..ba55662 100644
--- a/source3/smbd/smb2_negprot.c
+++ b/source3/smbd/smb2_negprot.c
@@ -186,7 +186,7 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
}
security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
- if (lp_server_signing() == Required) {
+ if (lp_server_signing() == SMB_SIGNING_REQUIRED) {
security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
}
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 6e06b9f..64fa446 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -223,7 +223,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session,
}
if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) ||
- lp_server_signing() == Required) {
+ lp_server_signing() == SMB_SIGNING_REQUIRED) {
session->do_signing = true;
}
@@ -434,7 +434,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
bool guest = false;
--
Samba Shared Repository
More information about the samba-cvs
mailing list