2025-01-08 21:18:16 +03:00 · 2019-11-04 17:15:14 +01:00 · 2019-11-04 17:15:14 +01:00 · 7d09c1cc87
commit 7d09c1cc87
parent 3d1ecef173
5 changed files with 40 additions and 2 deletions
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@ -72,6 +72,7 @@
 #include "libds/common/roles.h"
 #include "lib/util/samba_util.h"
 #include "libcli/auth/ntlm_check.h"
 #include "lib/crypto/gnutls_helpers.h"
 #ifdef HAVE_HTTPCONNECTENCRYPT
 #include <cups/http.h>
@ -96,6 +97,19 @@ int lpcfg_rpc_high_port(struct loadparm_context *lp_ctx)
 	return lp_ctx->globals->rpc_high_port;
 }
 enum samba_weak_crypto lpcfg_weak_crypto(struct loadparm_context *lp_ctx)
 {
 	if (lp_ctx->globals->weak_crypto == SAMBA_WEAK_CRYPTO_UNKNOWN) {
 		lp_ctx->globals->weak_crypto = SAMBA_WEAK_CRYPTO_DISALLOWED;
 		if (samba_gnutls_weak_crypto_allowed()) {
 			lp_ctx->globals->weak_crypto = SAMBA_WEAK_CRYPTO_ALLOWED;
 		}
 	}
 	return lp_ctx->globals->weak_crypto;
 }
 /**
 * Convenience routine to grab string parameters into temporary memory
 * and run standard_sub_basic on them.
@ -2607,6 +2621,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
 	lp_ctx->globals->ctx = lp_ctx->globals;
 	lp_ctx->globals->rpc_low_port = SERVER_TCP_LOW_PORT;
 	lp_ctx->globals->rpc_high_port = SERVER_TCP_HIGH_PORT;
 	lp_ctx->globals->weak_crypto = SAMBA_WEAK_CRYPTO_UNKNOWN;
 	lp_ctx->sDefault = talloc_zero(lp_ctx, struct loadparm_service);
 	lp_ctx->flags = talloc_zero_array(lp_ctx, unsigned int, num_parameters());
--- a/lib/param/loadparm.h
+++ b/lib/param/loadparm.h
@ -255,6 +255,13 @@ enum spotlight_backend_options {
 	SPOTLIGHT_BACKEND_ES,
 };
 /* FIPS values */
 enum samba_weak_crypto {
 	SAMBA_WEAK_CRYPTO_UNKNOWN,
 	SAMBA_WEAK_CRYPTO_ALLOWED,
 	SAMBA_WEAK_CRYPTO_DISALLOWED,
 };
 /*
 * Default passwd chat script.
 */
@ -292,7 +299,8 @@ enum spotlight_backend_options {
 	struct parmlist_entry *param_opt;				\
 	char *dnsdomain;						\
 	int rpc_low_port;						\
-	int rpc_high_port;
+	int rpc_high_port;						\
 	enum samba_weak_crypto weak_crypto;
 const char* server_role_str(uint32_t role);
 int lp_find_server_role(int server_role, int security, int domain_logons, int domain_master);
--- a/lib/param/wscript_build
+++ b/lib/param/wscript_build
@ -40,7 +40,7 @@ bld.SAMBA_LIBRARY('samba-hostconfig',
 	pc_files='samba-hostconfig.pc',
 	vnum='0.0.1',
 	deps='DYNCONFIG server-role tdb',
-	public_deps='samba-util param_local.h',
+	public_deps='GNUTLS_HELPERS samba-util param_local.h',
 	public_headers='param.h',
 	autoproto='param_proto.h'
 	)
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@ -765,6 +765,7 @@ bool lp_widelinks(int );
 int lp_rpc_low_port(void);
 int lp_rpc_high_port(void);
 bool lp_lanman_auth(void);
 enum samba_weak_crypto lp_weak_crypto(void);
 int lp_wi_scan_global_parametrics(
 	const char *regex, size_t max_matches,
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@ -73,6 +73,7 @@
 #include "librpc/gen_ndr/nbt.h"
 #include "source4/lib/tls/tls.h"
 #include "libcli/auth/ntlm_check.h"
 #include "lib/crypto/gnutls_helpers.h"
 #ifdef HAVE_SYS_SYSCTL_H
 #include <sys/sysctl.h>
@ -4736,3 +4737,16 @@ unsigned int * get_flags(void)
 	return flags_list;
 }
 enum samba_weak_crypto lp_weak_crypto()
 {
 	if (Globals.weak_crypto == SAMBA_WEAK_CRYPTO_UNKNOWN) {
 		Globals.weak_crypto = SAMBA_WEAK_CRYPTO_DISALLOWED;
 		if (samba_gnutls_weak_crypto_allowed()) {
 			Globals.weak_crypto = SAMBA_WEAK_CRYPTO_ALLOWED;
 		}
 	}
 	return Globals.weak_crypto;
 }