lib/param: Consolidate code to enable smb signing on the server, always enable on...
authorAndrew Bartlett <abartlet@samba.org>
Mon, 14 Oct 2013 00:45:42 +0000 (13:45 +1300)
committerDavid Disseldorp <ddiss@samba.org>
Fri, 22 Nov 2013 12:13:03 +0000 (13:13 +0100)
This moves the code from the source4/ SMB server (the NTVFS smb server)
into common code, so that SMB signing is forced on when we are an AD DC.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Fri Nov 22 13:13:05 CET 2013 on sn-devel-104

docs-xml/smbdotconf/security/serversigning.xml
lib/param/loadparm.c
source3/smbd/signing.c
source4/smb_server/smb/signing.c

index 0aced5d3c17f878058d3d791121a0708f2a2188d..c94a3ee6ba298c2f54b980e61b877a953cc9c7c6 100644 (file)
@@ -6,10 +6,15 @@
 <description>
 
     <para>This controls whether the client is allowed or required to use SMB1 and SMB2 signing. Possible values
-    are <emphasis>auto</emphasis>, <emphasis>mandatory</emphasis>
+    are <emphasis>default</emphasis>, <emphasis>auto</emphasis>, <emphasis>mandatory</emphasis>
     and <emphasis>disabled</emphasis>.
     </para>
 
+    <para>By default, and when smb signing is set to
+    <emphasis>default</emphasis>, smb signing enabled when
+    <smbconfoption name="server role"/> is <emphasis>active directory
+    domain controller</emphasis> and disabled otherwise.</para>
+
     <para>When set to auto, SMB1 signing is offered, but not enforced.
     When set to mandatory, SMB1 signing is required and if set
     to disabled, SMB signing is not offered either.</para>
@@ -20,5 +25,5 @@
     will still require SMB2 clients to use signing.</para>
 </description>
 
-<value type="default">Disabled</value>
+<value type="default">default</value>
 </samba:parameter>
index 71f62edf82824a14d4a4b0137fe56e2c4bab18a4..df2ff6e11bafc07853032035e7d6d18470bfdf27 100644 (file)
@@ -2611,3 +2611,45 @@ int lpcfg_security(struct loadparm_context *lp_ctx)
        return lp_find_security(lpcfg__server_role(lp_ctx),
                                lpcfg__security(lp_ctx));
 }
+
+bool lpcfg_server_signing_allowed(struct loadparm_context *lp_ctx, bool *mandatory)
+{
+       bool allowed = true;
+       enum smb_signing_setting signing_setting = lpcfg_server_signing(lp_ctx);
+
+       *mandatory = false;
+
+       if (signing_setting == SMB_SIGNING_DEFAULT) {
+               /*
+                * If we are a domain controller, SMB signing is
+                * really important, as it can prevent a number of
+                * attacks on communications between us and the
+                * clients
+                *
+                * However, it really sucks (no sendfile, CPU
+                * overhead) performance-wise when used on a
+                * file server, so disable it by default
+                * on non-DCs
+                */
+
+               if (lpcfg_server_role(lp_ctx) >= ROLE_ACTIVE_DIRECTORY_DC) {
+                       signing_setting = SMB_SIGNING_REQUIRED;
+               } else {
+                       signing_setting = SMB_SIGNING_OFF;
+               }
+       }
+
+       switch (signing_setting) {
+       case SMB_SIGNING_REQUIRED:
+               *mandatory = true;
+               break;
+       case SMB_SIGNING_IF_REQUIRED:
+               break;
+       case SMB_SIGNING_DEFAULT:
+       case SMB_SIGNING_OFF:
+               allowed = false;
+               break;
+       }
+
+       return allowed;
+}
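Review bot: lpcfg_server_signing_allowed() is added without a header comment, although its contract decides whether a server offers or enforces signing: it returns whether signing is offered and always writes `*mandatory`, so callers must pass a non-NULL pointer. I would add something like `/* Resolve "server signing", mapping the default by server role; returns true if signing is offered and sets *mandatory when it is required. */` above the function. The test `lpcfg_server_role(lp_ctx) >= ROLE_ACTIVE_DIRECTORY_DC` relies on the ordering of the role enum, which is not visible in this hunk, so a one-line comment there stating that every role ordered at or after the AD DC value gets mandatory signing would make the intent checkable. The `case SMB_SIGNING_DEFAULT:` label in the switch looks unreachable after the mapping above it, yet it now shares the branch that turns signing off, whereas the source4 code removed by this commit called `smb_panic(__location__)` there; a `/* not reached: mapped above */` comment would record that.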
index 2b622244c9f8d22fc38d9a05b324e120e1b0e27b..295c9f1b790334234870dc2564ad9284865103ae 100644 (file)
@@ -23,6 +23,7 @@
 #include "smbd/smbd.h"
 #include "smbd/globals.h"
 #include "../libcli/smb/smb_signing.h"
+#include "lib/param/param.h"
 
 /***********************************************************
  Called to validate an incoming packet from the client.
@@ -168,20 +169,14 @@ static void smbd_shm_signing_free(TALLOC_CTX *mem_ctx, void *ptr)
 
 bool srv_init_signing(struct smbd_server_connection *conn)
 {
-       bool allowed = true;
+       bool allowed;
        bool desired;
        bool mandatory = false;
 
-       switch (lp_server_signing()) {
-       case SMB_SIGNING_REQUIRED:
-               mandatory = true;
-               break;
-       case SMB_SIGNING_IF_REQUIRED:
-               break;
-       case SMB_SIGNING_DEFAULT:
-       case SMB_SIGNING_OFF:
-               allowed = false;
-               break;
+       struct loadparm_context *lp_ctx = loadparm_init_s3(conn, loadparm_s3_helpers());
+       if (lp_ctx == NULL) {
+               DEBUG(10, ("loadparm_init_s3 failed\n"));
+               return false;
        }
 
        /*
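Review bot: When `loadparm_init_s3()` fails, srv_init_signing() returns false after logging only at `DEBUG(10, ...)`, so a connection whose signing policy could not be determined leaves no trace at normal log levels. Whether callers treat a false return as fatal is not visible in this hunk; if any caller ignores it, the connection could continue without the signing state being set up. I would log at a level operators actually see, e.g. `DEBUG(0, ("srv_init_signing: loadparm_init_s3 failed\n"));`, and, if that is the intended contract, state in the function's comment that a false return means the connection must not proceed. The function body continues past the end of this hunk.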
@@ -192,7 +187,9 @@ bool srv_init_signing(struct smbd_server_connection *conn)
         * because not every client that requires signing
         * sends FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED.
         */
-       desired = allowed;
+
+       allowed = desired = lpcfg_server_signing_allowed(lp_ctx, &mandatory);
+       talloc_unlink(conn, lp_ctx);
 
        if (lp_async_smb_echo_handler()) {
                struct smbd_shm_signing *s;
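Review bot: The chained assignment `allowed = desired = lpcfg_server_signing_allowed(lp_ctx, &mandatory);` hides that `desired` is deliberately initialised from `allowed`, which is what the comment ending just above it (it starts outside this hunk) appears to explain. Splitting it keeps that comment attached to the statement it describes: `allowed = lpcfg_server_signing_allowed(lp_ctx, &mandatory);` followed by `desired = allowed;`. The return value of `talloc_unlink(conn, lp_ctx)` is also dropped; if that is intentional, a `(void)` cast or a short comment would say so.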
index d632e87ea7b8fb4df92ab05ab2fb25e65c00655c..3fe7cff94fdf222409372c6f30850013527ff387 100644 (file)
@@ -77,49 +77,14 @@ bool smbsrv_setup_signing(struct smbsrv_connection *smb_conn,
 
 bool smbsrv_init_signing(struct smbsrv_connection *smb_conn)
 {
-       enum smb_signing_setting signing_setting;
-
        smb_conn->signing.mac_key = data_blob(NULL, 0);
        if (!smbcli_set_signing_off(&smb_conn->signing)) {
                return false;
        }
 
-       signing_setting = lpcfg_server_signing(smb_conn->lp_ctx);
-       if (signing_setting == SMB_SIGNING_DEFAULT) {
-               /*
-                * If we are a domain controller, SMB signing is
-                * really important, as it can prevent a number of
-                * attacks on communications between us and the
-                * clients
-                *
-                * However, it really sucks (no sendfile, CPU
-                * overhead) performance-wise when used on a
-                * file server, so disable it by default
-                * on non-DCs
-                */
-
-               if (lpcfg_server_role(smb_conn->lp_ctx) >= ROLE_ACTIVE_DIRECTORY_DC) {
-                       signing_setting = SMB_SIGNING_REQUIRED;
-               } else {
-                       signing_setting = SMB_SIGNING_OFF;
-               }
-       }
-
-       switch (signing_setting) {
-       case SMB_SIGNING_DEFAULT:
-               smb_panic(__location__);
-               break;
-       case SMB_SIGNING_OFF:
-               smb_conn->signing.allow_smb_signing = false;
-               break;
-       case SMB_SIGNING_IF_REQUIRED:
-               smb_conn->signing.allow_smb_signing = true;
-               break;
-       case SMB_SIGNING_REQUIRED:
-               smb_conn->signing.allow_smb_signing = true;
-               smb_conn->signing.mandatory_signing = true;
-               break;
-       }
+       smb_conn->signing.allow_smb_signing
+               = lpcfg_server_signing_allowed(smb_conn->lp_ctx,
+                                              &smb_conn->signing.mandatory_signing);
        return true;
 }