mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
lib:param: Add 'client protection' config option
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
parent
5a751ea55e
commit
4c4353705f
@ -61,6 +61,13 @@ enum credentials_use_kerberos {
|
||||
CRED_USE_KERBEROS_REQUIRED,
|
||||
};
|
||||
|
||||
enum credentials_client_protection {
|
||||
CRED_CLIENT_PROTECTION_DEFAULT = -1,
|
||||
CRED_CLIENT_PROTECTION_PLAIN = 0,
|
||||
CRED_CLIENT_PROTECTION_SIGN,
|
||||
CRED_CLIENT_PROTECTION_ENCRYPT,
|
||||
};
|
||||
|
||||
enum credentials_krb_forwardable {
|
||||
CRED_AUTO_KRB_FORWARDABLE = 0, /* Default, follow library defaults */
|
||||
CRED_NO_KRB_FORWARDABLE, /* not forwardable */
|
||||
|
51
docs-xml/smbdotconf/security/clientprotection.xml
Normal file
51
docs-xml/smbdotconf/security/clientprotection.xml
Normal file
@ -0,0 +1,51 @@
|
||||
<samba:parameter name="client protection"
|
||||
context="G"
|
||||
type="enum"
|
||||
enumlist="enum_client_protection_vals"
|
||||
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
|
||||
<description>
|
||||
<para>
|
||||
This parameter defines which protection Samba client
|
||||
tools should use by default.
|
||||
</para>
|
||||
|
||||
<para>Possible client settings are:</para>
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
<emphasis>default</emphasis> - Use the individual
|
||||
default values of the options:
|
||||
<itemizedlist>
|
||||
<listitem><para><parameter>client signing</parameter></para></listitem>
|
||||
<listitem><para><parameter>client smb encrypt</parameter></para></listitem>
|
||||
</itemizedlist>
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
<emphasis>plain</emphasis> - This will send
|
||||
everything just as plaintext, signing or
|
||||
encryption are turned off.
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
<emphasis>sign</emphasis> - This will enable
|
||||
integrity checking.
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
<emphasis>encrypt</emphasis> - This will enable
|
||||
integrity checks and force encryption for
|
||||
privacy.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</description>
|
||||
|
||||
<value type="default">default</value>
|
||||
</samba:parameter>
|
@ -2952,6 +2952,10 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
|
||||
"client use kerberos",
|
||||
"desired");
|
||||
|
||||
lpcfg_do_global_parameter(lp_ctx,
|
||||
"client protection",
|
||||
"default");
|
||||
|
||||
for (i = 0; parm_table[i].label; i++) {
|
||||
if (!(lp_ctx->flags[i] & FLAG_CMDLINE)) {
|
||||
lp_ctx->flags[i] |= FLAG_DEFAULT;
|
||||
|
@ -173,6 +173,14 @@ static const struct enum_list enum_use_kerberos_vals[] = {
|
||||
{-1, NULL}
|
||||
};
|
||||
|
||||
static const struct enum_list enum_client_protection_vals[] = {
|
||||
{CRED_CLIENT_PROTECTION_DEFAULT, "default"},
|
||||
{CRED_CLIENT_PROTECTION_PLAIN, "plain"},
|
||||
{CRED_CLIENT_PROTECTION_SIGN, "sign"},
|
||||
{CRED_CLIENT_PROTECTION_ENCRYPT, "encrypt"},
|
||||
{-1, NULL}
|
||||
};
|
||||
|
||||
static const struct enum_list enum_mdns_name_values[] = {
|
||||
{MDNS_NAME_NETBIOS, "netbios"},
|
||||
{MDNS_NAME_MDNS, "mdns"},
|
||||
|
@ -959,6 +959,8 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
|
||||
|
||||
Globals._client_use_kerberos = CRED_USE_KERBEROS_DESIRED;
|
||||
|
||||
Globals.client_protection = CRED_CLIENT_PROTECTION_DEFAULT;
|
||||
|
||||
/* Now put back the settings that were set with lp_set_cmdline() */
|
||||
apply_lp_set_cmdline();
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user