<description>
<para>This controls whether the client is allowed or required to use SMB1 and SMB2 signing. Possible values
- are <emphasis>auto</emphasis>, <emphasis>mandatory</emphasis>
+ are <emphasis>default</emphasis>, <emphasis>auto</emphasis>, <emphasis>mandatory</emphasis>
and <emphasis>disabled</emphasis>.
</para>
+ <para>By default, and when smb signing is set to
+ <emphasis>default</emphasis>, smb signing enabled when
+ <smbconfoption name="server role"/> is <emphasis>active directory
+ domain controller</emphasis> and disabled otherwise.</para>
+
<para>When set to auto, SMB1 signing is offered, but not enforced.
When set to mandatory, SMB1 signing is required and if set
to disabled, SMB signing is not offered either.</para>
will still require SMB2 clients to use signing.</para>
</description>
-<value type="default">Disabled</value>
+<value type="default">default</value>
</samba:parameter>
return lp_find_security(lpcfg__server_role(lp_ctx),
lpcfg__security(lp_ctx));
}
+
+bool lpcfg_server_signing_allowed(struct loadparm_context *lp_ctx, bool *mandatory)
+{
+ bool allowed = true;
+ enum smb_signing_setting signing_setting = lpcfg_server_signing(lp_ctx);
+
+ *mandatory = false;
+
+ if (signing_setting == SMB_SIGNING_DEFAULT) {
+ /*
+ * If we are a domain controller, SMB signing is
+ * really important, as it can prevent a number of
+ * attacks on communications between us and the
+ * clients
+ *
+ * However, it really sucks (no sendfile, CPU
+ * overhead) performance-wise when used on a
+ * file server, so disable it by default
+ * on non-DCs
+ */
+
+ if (lpcfg_server_role(lp_ctx) >= ROLE_ACTIVE_DIRECTORY_DC) {
+ signing_setting = SMB_SIGNING_REQUIRED;
+ } else {
+ signing_setting = SMB_SIGNING_OFF;
+ }
+ }
+
+ switch (signing_setting) {
+ case SMB_SIGNING_REQUIRED:
+ *mandatory = true;
+ break;
+ case SMB_SIGNING_IF_REQUIRED:
+ break;
+ case SMB_SIGNING_DEFAULT:
+ case SMB_SIGNING_OFF:
+ allowed = false;
+ break;
+ }
+
+ return allowed;
+}
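Review bot: In the `switch` of `lpcfg_server_signing_allowed`, `case SMB_SIGNING_DEFAULT:` shares the `allowed = false` arm with `SMB_SIGNING_OFF`, so an unresolved default would silently turn signing off, whereas the code this commit removes from `smbsrv_init_signing` treated that state as a bug with `smb_panic(__location__)`. The label is unreachable today because the block above rewrites `SMB_SIGNING_DEFAULT`, but for a security setting the silent fallback is the less safe direction; keeping `case SMB_SIGNING_DEFAULT: smb_panic(__location__); break;` (if `smb_panic` is usable from this file, which the hunk does not show), or at least a comment saying the case is unreachable, would preserve the old guarantee. The function also has no header comment; I would add one stating that the return value is whether signing is offered, that `*mandatory` is always written and must not be NULL, and that the `default` setting resolves to required on an AD DC and to off otherwise. That last point matters because the manpage text added in the same commit says signing is "enabled" on a DC, while this code makes it mandatory.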
#include "smbd/smbd.h"
#include "smbd/globals.h"
#include "../libcli/smb/smb_signing.h"
+#include "lib/param/param.h"
/***********************************************************
Called to validate an incoming packet from the client.
bool srv_init_signing(struct smbd_server_connection *conn)
{
- bool allowed = true;
+ bool allowed;
bool desired;
bool mandatory = false;
- switch (lp_server_signing()) {
- case SMB_SIGNING_REQUIRED:
- mandatory = true;
- break;
- case SMB_SIGNING_IF_REQUIRED:
- break;
- case SMB_SIGNING_DEFAULT:
- case SMB_SIGNING_OFF:
- allowed = false;
- break;
+ struct loadparm_context *lp_ctx = loadparm_init_s3(conn, loadparm_s3_helpers());
+ if (lp_ctx == NULL) {
+ DEBUG(10, ("loadparm_init_s3 failed\n"));
+ return false;
}
/*
* because not every client that requires signing
* sends FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED.
*/
- desired = allowed;
+
+ allowed = desired = lpcfg_server_signing_allowed(lp_ctx, &mandatory);
+ talloc_unlink(conn, lp_ctx);
if (lp_async_smb_echo_handler()) {
struct smbd_shm_signing *s;
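Review bot: The new failure path in `srv_init_signing` reports `loadparm_init_s3 failed` only at `DEBUG(10, ...)` before returning false, so at ordinary log levels nothing is recorded when signing could not be set up for a connection. I would log it at a level operators actually see, e.g. `DEBUG(1, ("srv_init_signing: loadparm_init_s3 failed\n"));`, and confirm that every caller treats a false return as fatal for the connection, which this hunk does not show. Building a loadparm context per connection to read one setting and then releasing it with `talloc_unlink` also deserves a short comment explaining why the removed `lp_server_signing()` accessor was not sufficient here. The body of `srv_init_signing` continues past the end of the hunk.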
bool smbsrv_init_signing(struct smbsrv_connection *smb_conn)
{
- enum smb_signing_setting signing_setting;
-
smb_conn->signing.mac_key = data_blob(NULL, 0);
if (!smbcli_set_signing_off(&smb_conn->signing)) {
return false;
}
- signing_setting = lpcfg_server_signing(smb_conn->lp_ctx);
- if (signing_setting == SMB_SIGNING_DEFAULT) {
- /*
- * If we are a domain controller, SMB signing is
- * really important, as it can prevent a number of
- * attacks on communications between us and the
- * clients
- *
- * However, it really sucks (no sendfile, CPU
- * overhead) performance-wise when used on a
- * file server, so disable it by default
- * on non-DCs
- */
-
- if (lpcfg_server_role(smb_conn->lp_ctx) >= ROLE_ACTIVE_DIRECTORY_DC) {
- signing_setting = SMB_SIGNING_REQUIRED;
- } else {
- signing_setting = SMB_SIGNING_OFF;
- }
- }
-
- switch (signing_setting) {
- case SMB_SIGNING_DEFAULT:
- smb_panic(__location__);
- break;
- case SMB_SIGNING_OFF:
- smb_conn->signing.allow_smb_signing = false;
- break;
- case SMB_SIGNING_IF_REQUIRED:
- smb_conn->signing.allow_smb_signing = true;
- break;
- case SMB_SIGNING_REQUIRED:
- smb_conn->signing.allow_smb_signing = true;
- smb_conn->signing.mandatory_signing = true;
- break;
- }
+ smb_conn->signing.allow_smb_signing
+ = lpcfg_server_signing_allowed(smb_conn->lp_ctx,
+ &smb_conn->signing.mandatory_signing);
return true;
}