rpms / samba

Clone
Source Code
GIT

Blame SOURCES/0197-s3-param-Force-SMB-encryption-for-DECRPC-over-named-.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-fasttrack c7-sig-storage-samba-411 c8 c8-beta c8-sig-storage-samba-411 c8-sig-storage-samba-412 c8-sig-storage-samba-413 c8-sig-storage-samba-414 c8-sig-storage-samba-415 c8s c8s-sig-storage-samba-413 c8s-sig-storage-samba-414 c8s-sig-storage-samba-415 c8s-sig-storage-samba-416 c8s-sig-storage-samba-417 c8s-sig-storage-samba-418 c8s-sig-storage-samba-419 c8s-sig-storage-samba-420 c9 c9-beta c9s-sig-storage-samba-414 c9s-sig-storage-samba-415 c9s-sig-storage-samba-416 c9s-sig-storage-samba-417 c9s-sig-storage-samba-418 c9s-sig-storage-samba-419 c9s-sig-storage-samba-420 c9s-sig-storage-samba-421
  1.   8683206b0a75e122dc03b497e4a663ac3491c75e
  2.   SOURCES
  3.   0197-s3-param-Force-SMB-encryption-for-DECRPC-over-named-.patch
Blob History Raw
b6b438 
From d88a2d900f5eaab0acda0d0715a5c8ad7e92b315 Mon Sep 17 00:00:00 2001
b6b438 
From: Andreas Schneider <asn@samba.org>
b6b438 
Date: Tue, 16 Apr 2019 11:41:46 +0200
b6b438 
Subject: [PATCH 197/208] s3:param: Force SMB encryption for DECRPC over named
b6b438 
 pipes
b6b438
b6b438 
If we do not allow weak crypto, we need to secure DCERPC with strong
b6b438 
crypto.
b6b438
b6b438 
Signed-off-by: Andreas Schneider <asn@samba.org>
b6b438 
---
b6b438 
 source3/param/loadparm.c | 5 +++++
b6b438 
 1 file changed, 5 insertions(+)
b6b438
b6b438 
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
b6b438 
index 923c2473662..b52e2bcb036 100644
b6b438 
--- a/source3/param/loadparm.c
b6b438 
+++ b/source3/param/loadparm.c
b6b438 
@@ -1616,6 +1616,11 @@ static bool lp_add_ipc(const char *ipc_name, bool guest_ok)
b6b438 
 	ServicePtrs[i]->browseable = sDefault.browseable;
b6b438 
 	ServicePtrs[i]->autoloaded = false;
b6b438
b6b438 
+	/* Force SMB encryption for DECRPC over named pipes. */
b6b438 
+	if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_DISALLOWED) {
b6b438 
+		ServicePtrs[i]->smb_encrypt = SMB_SIGNING_REQUIRED;
b6b438 
+	}
b6b438 
+
b6b438 
 	DEBUG(3, ("adding IPC service\n"));
b6b438
b6b438 
 	TALLOC_FREE(comment);
b6b438 
--
b6b438 
2.23.0
b6b438

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation