lib/param: add "require strong key" option, defaulting to true

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index df2ff6e11bafc07853032035e7d6d18470bfdf27..0e41aec4f85e570bca5564854362683839dcb3aa 100644 (file)
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -2184,6 +2184,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
 
        lpcfg_do_global_parameter(lp_ctx, "winbind separator", "\\");
        lpcfg_do_global_parameter(lp_ctx, "winbind sealed pipes", "True");
+       lpcfg_do_global_parameter(lp_ctx, "require strong key", "True");
        lpcfg_do_global_parameter(lp_ctx, "winbindd socket directory", dyn_WINBINDD_SOCKET_DIR);
        lpcfg_do_global_parameter(lp_ctx, "winbindd privileged socket directory", dyn_WINBINDD_PRIVILEGED_SOCKET_DIR);
        lpcfg_do_global_parameter(lp_ctx, "ntp signd socket directory", dyn_NTP_SIGND_SOCKET_DIR);

diff --git a/lib/param/param_functions.c b/lib/param/param_functions.c
index e63cc66134b0e6e2d56f349d4d663b3eee131d0c..42419da24cfa5e0bf10c7bdf5b397b154d177a31 100644 (file)
--- a/lib/param/param_functions.c
+++ b/lib/param/param_functions.c
@@ -206,6 +206,7 @@ FN_GLOBAL_BOOL(passdb_expand_explicit, bPassdbExpandExplicit)
 FN_GLOBAL_BOOL(passwd_chat_debug, bPasswdChatDebug)
 FN_GLOBAL_BOOL(registry_shares, bRegistryShares)
 FN_GLOBAL_BOOL(reject_md5_servers, bRejectMD5Servers)
+FN_GLOBAL_BOOL(require_strong_key, bRequireStrongKey)
 FN_GLOBAL_BOOL(reset_on_zero_vc, bResetOnZeroVC)
 FN_GLOBAL_BOOL(rpc_big_endian, bRpcBigEndian)
 FN_GLOBAL_BOOL(stat_cache, bStatCache)

diff --git a/lib/param/param_table.c b/lib/param/param_table.c
index ba4e949b5463f9734111ae76869add5eb764df1e..bf4715c5ba7b8f4735c11c09c9abb259e695f128 100644 (file)
--- a/lib/param/param_table.c
+++ b/lib/param/param_table.c
@@ -4207,6 +4207,15 @@ static struct parm_struct parm_table[] = {
                .enum_list      = NULL,
                .flags          = FLAG_ADVANCED,
        },
+       {
+               .label          = "require strong key",
+               .type           = P_BOOL,
+               .p_class        = P_GLOBAL,
+               .offset         = GLOBAL_VAR(bRequireStrongKey),
+               .special        = NULL,
+               .enum_list      = NULL,
+               .flags          = FLAG_ADVANCED,
+       },
 
        {N_("DNS options"), P_SEP, P_SEPARATOR},
        {