s4:smb_server: change the default for "server signing" to "default"

author Stefan Metzmacher <metze@samba.org>

Wed, 2 Nov 2011 17:03:24 +0000 (18:03 +0100)

committer Stefan Metzmacher <metze@samba.org>

Thu, 3 Nov 2011 15:55:11 +0000 (16:55 +0100)
author Stefan Metzmacher <metze@samba.org>
Wed, 2 Nov 2011 17:03:24 +0000 (18:03 +0100)
committer Stefan Metzmacher <metze@samba.org>
Thu, 3 Nov 2011 15:55:11 +0000 (16:55 +0100)
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c

index 1048e6939103400cb7f30e44cfce82ae9976f30c..4216e09966bf88b3c25d3f7ca8e0de5a013de64b 100644 (file)
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -3382,7 +3382,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
         lpcfg_do_global_parameter(lp_ctx, "idmap trusted only", "False");
  
         lpcfg_do_global_parameter(lp_ctx, "client signing", "default");
-       lpcfg_do_global_parameter(lp_ctx, "server signing", "auto");
+       lpcfg_do_global_parameter(lp_ctx, "server signing", "default");
  
         lpcfg_do_global_parameter(lp_ctx, "use spnego", "True");
  
diff --git a/source4/smb_server/smb/signing.c b/source4/smb_server/smb/signing.c

index 3e08e219ec748b2a440ead52f960933974ec9c8f..a3c91f66390c9f6fdd7afeca3a3bd86e4fdb4a54 100644 (file)
--- a/source4/smb_server/smb/signing.c
+++ b/source4/smb_server/smb/signing.c
@@ -85,7 +85,7 @@ bool smbsrv_init_signing(struct smbsrv_connection *smb_conn)
         }
  
         signing_setting = lpcfg_server_signing(smb_conn->lp_ctx);
-       if (signing_setting == SMB_SIGNING_AUTO) {
+       if (signing_setting == SMB_SIGNING_DEFAULT) {
                 /*
                  * If we are a domain controller, SMB signing is
                  * really important, as it can prevent a number of
@@ -106,6 +106,9 @@ bool smbsrv_init_signing(struct smbsrv_connection *smb_conn)
         }
  
         switch (signing_setting) {
+       case SMB_SIGNING_DEFAULT:
+               smb_panic(__location__);
+               break;
         case SMB_SIGNING_OFF:
                 smb_conn->signing.allow_smb_signing = false;
                 break;
diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c

index 892953635caf421965d399034d53e65c719140d0..24521da42e3bec0dab60115cc7dd6cdf5f49bbe0 100644 (file)
--- a/source4/smb_server/smb2/negprot.c
+++ b/source4/smb_server/smb2/negprot.c
@@ -123,7 +123,7 @@ static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2
         ZERO_STRUCT(io->out);
  
         signing_setting = lpcfg_server_signing(lp_ctx);
-       if (signing_setting == SMB_SIGNING_AUTO) {
+       if (signing_setting == SMB_SIGNING_DEFAULT) {
                 /*
                  * If we are a domain controller, SMB signing is
                  * really important, as it can prevent a number of
@@ -144,6 +144,9 @@ static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2
         }
  
         switch (signing_setting) {
+       case SMB_SIGNING_DEFAULT:
+               smb_panic(__location__);
+               break;
         case SMB_SIGNING_OFF:
                 io->out.security_mode = 0;
                 break;
author	Stefan Metzmacher <metze@samba.org>
	Wed, 2 Nov 2011 17:03:24 +0000 (18:03 +0100)
committer	Stefan Metzmacher <metze@samba.org>
	Thu, 3 Nov 2011 15:55:11 +0000 (16:55 +0100)
lib/param/loadparm.c		patch \| blob \| history
source4/smb_server/smb/signing.c		patch \| blob \| history
source4/smb_server/smb2/negprot.c		patch \| blob \| history