rpms / samba

Clone
Source Code
GIT

Blame SOURCES/0197-s3-param-Force-SMB-encryption-for-DECRPC-over-named-.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-fasttrack c7-sig-storage-samba-411 c8 c8-beta c8-sig-storage-samba-411 c8-sig-storage-samba-412 c8-sig-storage-samba-413 c8-sig-storage-samba-414 c8-sig-storage-samba-415 c8s c8s-sig-storage-samba-413 c8s-sig-storage-samba-414 c8s-sig-storage-samba-415 c8s-sig-storage-samba-416 c8s-sig-storage-samba-417 c8s-sig-storage-samba-418 c8s-sig-storage-samba-419 c8s-sig-storage-samba-420 c9 c9-beta c9s-sig-storage-samba-414 c9s-sig-storage-samba-415 c9s-sig-storage-samba-416 c9s-sig-storage-samba-417 c9s-sig-storage-samba-418 c9s-sig-storage-samba-419 c9s-sig-storage-samba-420
  1.   1524bce68237a310d30890f913d121753a7d972c
  2.   SOURCES
  3.   0197-s3-param-Force-SMB-encryption-for-DECRPC-over-named-.patch
Blob History Raw
1524bc 
From d88a2d900f5eaab0acda0d0715a5c8ad7e92b315 Mon Sep 17 00:00:00 2001
1524bc 
From: Andreas Schneider <asn@samba.org>
1524bc 
Date: Tue, 16 Apr 2019 11:41:46 +0200
1524bc 
Subject: [PATCH 197/208] s3:param: Force SMB encryption for DECRPC over named
1524bc 
 pipes
1524bc
1524bc 
If we do not allow weak crypto, we need to secure DCERPC with strong
1524bc 
crypto.
1524bc
1524bc 
Signed-off-by: Andreas Schneider <asn@samba.org>
1524bc 
---
1524bc 
 source3/param/loadparm.c | 5 +++++
1524bc 
 1 file changed, 5 insertions(+)
1524bc
1524bc 
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
1524bc 
index 923c2473662..b52e2bcb036 100644
1524bc 
--- a/source3/param/loadparm.c
1524bc 
+++ b/source3/param/loadparm.c
1524bc 
@@ -1616,6 +1616,11 @@ static bool lp_add_ipc(const char *ipc_name, bool guest_ok)
1524bc 
 	ServicePtrs[i]->browseable = sDefault.browseable;
1524bc 
 	ServicePtrs[i]->autoloaded = false;
1524bc
1524bc 
+	/* Force SMB encryption for DECRPC over named pipes. */
1524bc 
+	if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_DISALLOWED) {
1524bc 
+		ServicePtrs[i]->smb_encrypt = SMB_SIGNING_REQUIRED;
1524bc 
+	}
1524bc 
+
1524bc 
 	DEBUG(3, ("adding IPC service\n"));
1524bc
1524bc 
 	TALLOC_FREE(comment);
1524bc 
--
1524bc 
2.23.0
1524bc

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation