From d88a2d900f5eaab0acda0d0715a5c8ad7e92b315 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 16 Apr 2019 11:41:46 +0200
Subject: [PATCH 197/208] s3:param: Force SMB encryption for DECRPC over named
pipes
If we do not allow weak crypto, we need to secure DCERPC with strong
crypto.
Signed-off-by: Andreas Schneider <asn@samba.org>
---
source3/param/loadparm.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 923c2473662..b52e2bcb036 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -1616,6 +1616,11 @@ static bool lp_add_ipc(const char *ipc_name, bool guest_ok)
ServicePtrs[i]->browseable = sDefault.browseable;
ServicePtrs[i]->autoloaded = false;
+ /* Force SMB encryption for DECRPC over named pipes. */
+ if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_DISALLOWED) {
+ ServicePtrs[i]->smb_encrypt = SMB_SIGNING_REQUIRED;
+ }
+
DEBUG(3, ("adding IPC service\n"));
TALLOC_FREE(comment);
--
2.23.0