lib/param: Create a seperate server role for "active directory domain controller"

[amitay/samba.git] / source4 / smb_server / smb2 / negprot.c

diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c
index 892953635caf421965d399034d53e65c719140d0..83cae18bf312e3babd67cf484533e19a33d58fac 100644 (file)
--- a/source4/smb_server/smb2/negprot.c
+++ b/source4/smb_server/smb2/negprot.c
@@ -123,7 +123,7 @@ static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2
        ZERO_STRUCT(io->out);
 
        signing_setting = lpcfg_server_signing(lp_ctx);
-       if (signing_setting == SMB_SIGNING_AUTO) {
+       if (signing_setting == SMB_SIGNING_DEFAULT) {
                /*
                 * If we are a domain controller, SMB signing is
                 * really important, as it can prevent a number of
@@ -136,7 +136,7 @@ static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2
                 * on non-DCs
                 */
 
-               if (lpcfg_server_role(lp_ctx) >= ROLE_DOMAIN_CONTROLLER) {
+               if (lpcfg_server_role(lp_ctx) >= ROLE_ACTIVE_DIRECTORY_DC) {
                        signing_setting = SMB_SIGNING_REQUIRED;
                } else {
                        signing_setting = SMB_SIGNING_OFF;
@@ -144,10 +144,13 @@ static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2
        }
 
        switch (signing_setting) {
+       case SMB_SIGNING_DEFAULT:
+               smb_panic(__location__);
+               break;
        case SMB_SIGNING_OFF:
                io->out.security_mode = 0;
                break;
-       case SMB_SIGNING_SUPPORTED:
+       case SMB_SIGNING_IF_REQUIRED:
                io->out.security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
                break;
        case SMB_SIGNING_REQUIRED: