1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-25 06:04:04 +03:00

CVE-2016-2115: docs-xml: always default "client ipc signing" to "mandatory"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
This commit is contained in:
Stefan Metzmacher 2016-03-15 23:52:30 +01:00
parent 1667e73ada
commit c52097ae17
3 changed files with 3 additions and 20 deletions

View File

@ -11,16 +11,7 @@
and <emphasis>disabled</emphasis>. and <emphasis>disabled</emphasis>.
</para> </para>
<para>The default value is the same as the effective value of <para>When set to mandatory or default, SMB signing is required.</para>
<smbconfoption name="client signing"/> if the effective value of
<smbconfoption name="client ipc min protocol"/> is
<constant>NT1</constant>. In any other case the default value is
<constant>mandatory</constant>.</para>
<para>Note that the default value will be changed to <constant>mandatory</constant>
in all cases for Samba 4.5</para>
<para>When the effective value of this option is <constant>mandatory</constant>, SMB signing is required.</para>
<para>When set to auto, SMB signing is offered, but not enforced and if set <para>When set to auto, SMB signing is offered, but not enforced and if set
to disabled, SMB signing is not offered either.</para> to disabled, SMB signing is not offered either.</para>

View File

@ -3350,11 +3350,7 @@ int lpcfg_client_ipc_signing(struct loadparm_context *lp_ctx)
{ {
int client_ipc_signing = lpcfg__client_ipc_signing(lp_ctx); int client_ipc_signing = lpcfg__client_ipc_signing(lp_ctx);
if (client_ipc_signing == SMB_SIGNING_DEFAULT) { if (client_ipc_signing == SMB_SIGNING_DEFAULT) {
int ipc_min_protocol = lpcfg_client_ipc_min_protocol(lp_ctx); return SMB_SIGNING_REQUIRED;
if (ipc_min_protocol >= PROTOCOL_SMB2_02) {
return SMB_SIGNING_REQUIRED;
}
return lpcfg_client_signing(lp_ctx);
} }
return client_ipc_signing; return client_ipc_signing;
} }

View File

@ -4466,11 +4466,7 @@ int lp_client_ipc_signing(void)
{ {
int client_ipc_signing = lp__client_ipc_signing(); int client_ipc_signing = lp__client_ipc_signing();
if (client_ipc_signing == SMB_SIGNING_DEFAULT) { if (client_ipc_signing == SMB_SIGNING_DEFAULT) {
int ipc_min_protocol = lp_client_ipc_min_protocol(); return SMB_SIGNING_REQUIRED;
if (ipc_min_protocol >= PROTOCOL_SMB2_02) {
return SMB_SIGNING_REQUIRED;
}
return lp_client_signing();
} }
return client_ipc_signing; return client_ipc_signing;
} }