CVE-2016-2115: docs-xml: add "client ipc signing" option
[samba.git] / source3 / param / loadparm.c
index bcd3322c77a7d704a6d7f01b5b71a0316aba9825..a893c5db9396e31dfe45d1e01cb3b9bb2e036abb 100644 (file)
@@ -824,6 +824,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
        Globals.client_use_spnego = true;
 
        Globals.client_signing = SMB_SIGNING_DEFAULT;
+       Globals._client_ipc_signing = SMB_SIGNING_DEFAULT;
        Globals.server_signing = SMB_SIGNING_DEFAULT;
 
        Globals.defer_sharing_violations = true;
@@ -4470,6 +4471,19 @@ int lp_client_ipc_max_protocol(void)
        return client_ipc_max_protocol;
 }
 
+int lp_client_ipc_signing(void)
+{
+       int client_ipc_signing = lp__client_ipc_signing();
+       if (client_ipc_signing == SMB_SIGNING_DEFAULT) {
+               int ipc_min_protocol = lp_client_ipc_min_protocol();
+               if (ipc_min_protocol >= PROTOCOL_SMB2_02) {
+                       return SMB_SIGNING_REQUIRED;
+               }
+               return lp_client_signing();
+       }
+       return client_ipc_signing;
+}
+
 struct loadparm_global * get_globals(void)
 {
        return &Globals;