The Samba-Bugzilla – Attachment 11240 Details for
Bug 11372
smbd: SMB3 functionality of "smb encrypt" broken/confusing
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
updated patchset for 4.2
bug-11372.v4-2-test.patch (text/plain), 20.35 KB, created by
Michael Adam
on 2015-07-07 22:21:51 UTC
(
hide
)
Description:
updated patchset for 4.2
Filename:
MIME Type:
Creator:
Michael Adam
Created:
2015-07-07 22:21:51 UTC
Size:
20.35 KB
patch
obsolete
>From ccdc227aed688c10a858fe6eae63157adfbdcae5 Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Wed, 25 Feb 2015 16:59:26 +0100 >Subject: [PATCH 1/9] smbd: Make SMB3 clients use encryption with "smb encrypt > = auto" > >Signed-off-by: Volker Lendecke <vl@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372 > >Autobuild-User(master): Volker Lendecke <vl@samba.org> >Autobuild-Date(master): Tue Mar 3 10:40:42 CET 2015 on sn-devel-104 > >(cherry picked from commit b3385f74db54bd8a07a0be5515151b633c067da4) >--- > source3/smbd/smb2_sesssetup.c | 5 +++++ > source3/smbd/smb2_tcon.c | 5 +++++ > 2 files changed, 10 insertions(+) > >diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c >index 85f8a9a..28c74bd 100644 >--- a/source3/smbd/smb2_sesssetup.c >+++ b/source3/smbd/smb2_sesssetup.c >@@ -190,6 +190,11 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session, > x->global->signing_required = true; > } > >+ if ((lp_smb_encrypt(-1) > SMB_SIGNING_OFF) && >+ (xconn->smb2.client.capabilities & SMB2_CAP_ENCRYPTION)) { >+ x->global->encryption_required = true; >+ } >+ > if (lp_smb_encrypt(-1) == SMB_SIGNING_REQUIRED) { > x->global->encryption_required = true; > } >diff --git a/source3/smbd/smb2_tcon.c b/source3/smbd/smb2_tcon.c >index 8a6d339..da06ea9 100644 >--- a/source3/smbd/smb2_tcon.c >+++ b/source3/smbd/smb2_tcon.c >@@ -235,6 +235,11 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req, > return NT_STATUS_BAD_NETWORK_NAME; > } > >+ if ((lp_smb_encrypt(snum) > SMB_SIGNING_OFF) && >+ (conn->smb2.client.capabilities & SMB2_CAP_ENCRYPTION)) { >+ encryption_required = true; >+ } >+ > if (lp_smb_encrypt(snum) == SMB_SIGNING_REQUIRED) { > encryption_required = true; > } >-- >2.4.3 > > >From 81e9151d2ccebb2568b19cedab1d85e6c34f0477 Mon Sep 17 00:00:00 2001 >From: Michael Adam <obnox@samba.org> >Date: Tue, 30 Jun 2015 14:16:19 +0200 >Subject: [PATCH 2/9] Introduce setting "desired" for 'smb encrypt' and > 'client/server signing' > >This should trigger the behaviour where the server requires >signing when the client supports it, but does not reject >clients that don't support it. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372 > >Signed-off-by: Michael Adam <obnox@samba.org> >Reviewed-by: Guenther Deschner <gd@samba.org> >(cherry picked from commit 204cbe3645c59b43175beeadad792b4a00e80da3) >--- > lib/param/loadparm.c | 1 + > lib/param/param_table.c | 1 + > libcli/smb/smbXcli_base.c | 6 ++++++ > libcli/smb/smb_constants.h | 1 + > source4/smb_server/smb2/negprot.c | 1 + > 5 files changed, 10 insertions(+) > >diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c >index dff1ca9..ae60cbf 100644 >--- a/lib/param/loadparm.c >+++ b/lib/param/loadparm.c >@@ -3189,6 +3189,7 @@ bool lpcfg_server_signing_allowed(struct loadparm_context *lp_ctx, bool *mandato > case SMB_SIGNING_REQUIRED: > *mandatory = true; > break; >+ case SMB_SIGNING_DESIRED: > case SMB_SIGNING_IF_REQUIRED: > break; > case SMB_SIGNING_DEFAULT: >diff --git a/lib/param/param_table.c b/lib/param/param_table.c >index 1b9656b..530d858 100644 >--- a/lib/param/param_table.c >+++ b/lib/param/param_table.c >@@ -113,6 +113,7 @@ static const struct enum_list enum_smb_signing_vals[] = { > {SMB_SIGNING_IF_REQUIRED, "On"}, > {SMB_SIGNING_IF_REQUIRED, "enabled"}, > {SMB_SIGNING_IF_REQUIRED, "auto"}, >+ {SMB_SIGNING_DESIRED, "desired"}, > {SMB_SIGNING_REQUIRED, "required"}, > {SMB_SIGNING_REQUIRED, "mandatory"}, > {SMB_SIGNING_REQUIRED, "force"}, >diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c >index c27b317..803b6ee 100644 >--- a/libcli/smb/smbXcli_base.c >+++ b/libcli/smb/smbXcli_base.c >@@ -357,6 +357,12 @@ struct smbXcli_conn *smbXcli_conn_create(TALLOC_CTX *mem_ctx, > conn->desire_signing = false; > conn->mandatory_signing = false; > break; >+ case SMB_SIGNING_DESIRED: >+ /* if the server desires it */ >+ conn->allow_signing = true; >+ conn->desire_signing = true; >+ conn->mandatory_signing = false; >+ break; > case SMB_SIGNING_REQUIRED: > /* always */ > conn->allow_signing = true; >diff --git a/libcli/smb/smb_constants.h b/libcli/smb/smb_constants.h >index f841ca9..9b57078 100644 >--- a/libcli/smb/smb_constants.h >+++ b/libcli/smb/smb_constants.h >@@ -96,6 +96,7 @@ enum smb_signing_setting { > SMB_SIGNING_DEFAULT = -1, > SMB_SIGNING_OFF = 0, > SMB_SIGNING_IF_REQUIRED = 1, >+ SMB_SIGNING_DESIRED = 2, > SMB_SIGNING_REQUIRED = 3, > }; > >diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c >index 81f2547..b48b170 100644 >--- a/source4/smb_server/smb2/negprot.c >+++ b/source4/smb_server/smb2/negprot.c >@@ -150,6 +150,7 @@ static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2 > case SMB_SIGNING_OFF: > io->out.security_mode = 0; > break; >+ case SMB_SIGNING_DESIRED: > case SMB_SIGNING_IF_REQUIRED: > io->out.security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED; > break; >-- >2.4.3 > > >From 148d1db291135b4355a72a362d466a577c908298 Mon Sep 17 00:00:00 2001 >From: Michael Adam <obnox@samba.org> >Date: Wed, 1 Jul 2015 17:34:45 +0200 >Subject: [PATCH 3/9] smbXsrv: add bools encryption_desired to session and tcon > >This is to indicate that we should sen the ENCRYPT_DATA >flag on session or tcon replies. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372 > >Signed-off-by: Michael Adam <obnox@samba.org> >Reviewed-by: Guenther Deschner <gd@samba.org> >(cherry picked from commit a3ea6dbef53e049701326497e684e1563344e6d8) >--- > source3/librpc/idl/smbXsrv.idl | 2 ++ > 1 file changed, 2 insertions(+) > >diff --git a/source3/librpc/idl/smbXsrv.idl b/source3/librpc/idl/smbXsrv.idl >index 0035442..e32496a 100644 >--- a/source3/librpc/idl/smbXsrv.idl >+++ b/source3/librpc/idl/smbXsrv.idl >@@ -190,6 +190,7 @@ interface smbXsrv > [ignore] gensec_security *gensec; > [ignore] user_struct *compat; > [ignore] smbXsrv_tcon_table *tcon_table; >+ boolean8 encryption_desired; > } smbXsrv_session; > > typedef union { >@@ -284,6 +285,7 @@ interface smbXsrv > NTSTATUS status; > NTTIME idle_time; > [ignore] connection_struct *compat; >+ boolean8 encryption_desired; > } smbXsrv_tcon; > > typedef union { >-- >2.4.3 > > >From 0cd551368326d078c87f8d8af88b7cdfcf807988 Mon Sep 17 00:00:00 2001 >From: Michael Adam <obnox@samba.org> >Date: Wed, 1 Jul 2015 17:42:58 +0200 >Subject: [PATCH 4/9] smbd:smb2: separate between encryption required and enc > desired > >this means we: >- accept unencrypted requests if encryption only desired > and not required, >- but we always send encrypted responses in the desired > case, not only when the request was encrypted. > >For this purpose, the do_encryption in the request >structure is separated into was_encrypted and do_encryption. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372 > >Signed-off-by: Michael Adam <obnox@samba.org> >Reviewed-by: Guenther Deschner <gd@samba.org> >(cherry picked from commit 3bb299944391633c45d87d5e8ad48c2c14428592) >--- > source3/smbd/globals.h | 3 +++ > source3/smbd/smb2_server.c | 18 ++++++++++++++---- > 2 files changed, 17 insertions(+), 4 deletions(-) > >diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h >index 2aed98e..3194b45 100644 >--- a/source3/smbd/globals.h >+++ b/source3/smbd/globals.h >@@ -646,6 +646,9 @@ struct smbd_smb2_request { > > int current_idx; > bool do_signing; >+ /* Was the request encrypted? */ >+ bool was_encrypted; >+ /* Should we encrypt? */ > bool do_encryption; > struct tevent_timer *async_te; > bool compound_related; >diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c >index 2739734..ebfe1d6 100644 >--- a/source3/smbd/smb2_server.c >+++ b/source3/smbd/smb2_server.c >@@ -1939,6 +1939,7 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) > NTSTATUS return_value; > struct smbXsrv_session *x = NULL; > bool signing_required = false; >+ bool encryption_desired = false; > bool encryption_required = false; > > inhdr = SMBD_SMB2_IN_HDR_PTR(req); >@@ -1984,11 +1985,13 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) > x = req->session; > if (x != NULL) { > signing_required = x->global->signing_required; >+ encryption_desired = x->encryption_desired; > encryption_required = x->global->encryption_required; > } > > req->do_signing = false; > req->do_encryption = false; >+ req->was_encrypted = false; > if (intf_v->iov_len == SMB2_TF_HDR_SIZE) { > const uint8_t *intf = SMBD_SMB2_IN_TF_PTR(req); > uint64_t tf_session_id = BVAL(intf, SMB2_TF_SESSION_ID); >@@ -2010,10 +2013,10 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) > NT_STATUS_ACCESS_DENIED); > } > >- req->do_encryption = true; >+ req->was_encrypted = true; > } > >- if (encryption_required && !req->do_encryption) { >+ if (encryption_required && !req->was_encrypted) { > return smbd_smb2_request_error(req, > NT_STATUS_ACCESS_DENIED); > } >@@ -2045,7 +2048,7 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) > req->compat_chain_fsp = NULL; > } > >- if (req->do_encryption) { >+ if (req->was_encrypted) { > signing_required = false; > } else if (signing_required || (flags & SMB2_HDR_FLAG_SIGNED)) { > DATA_BLOB signing_key = data_blob_null; >@@ -2131,15 +2134,22 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) > if (!NT_STATUS_IS_OK(status)) { > return smbd_smb2_request_error(req, status); > } >+ if (req->tcon->encryption_desired) { >+ encryption_desired = true; >+ } > if (req->tcon->global->encryption_required) { > encryption_required = true; > } >- if (encryption_required && !req->do_encryption) { >+ if (encryption_required && !req->was_encrypted) { > return smbd_smb2_request_error(req, > NT_STATUS_ACCESS_DENIED); > } > } > >+ if (req->was_encrypted || encryption_desired) { >+ req->do_encryption = true; >+ } >+ > if (call->fileid_ofs != 0) { > size_t needed = call->fileid_ofs + 16; > const uint8_t *body = SMBD_SMB2_IN_BODY_PTR(req); >-- >2.4.3 > > >From 4261bb75c040428259a9af8d3618dfd31c3ca991 Mon Sep 17 00:00:00 2001 >From: Michael Adam <obnox@samba.org> >Date: Wed, 1 Jul 2015 18:07:26 +0200 >Subject: [PATCH 5/9] smbd:smb2: only enable encryption in session if desired > >Don't enforce it but only announce ENCRYPT_DATA, using the >encryption_desired flag in session setup. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372 > >Signed-off-by: Michael Adam <obnox@samba.org> >Reviewed-by: Guenther Deschner <gd@samba.org> >(cherry picked from commit fc228025d78f165815d3fa1670d51f0c27ed2091) >--- > source3/smbd/smb2_sesssetup.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > >diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c >index 28c74bd..e255e46 100644 >--- a/source3/smbd/smb2_sesssetup.c >+++ b/source3/smbd/smb2_sesssetup.c >@@ -190,12 +190,13 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session, > x->global->signing_required = true; > } > >- if ((lp_smb_encrypt(-1) > SMB_SIGNING_OFF) && >+ if ((lp_smb_encrypt(-1) >= SMB_SIGNING_DESIRED) && > (xconn->smb2.client.capabilities & SMB2_CAP_ENCRYPTION)) { >- x->global->encryption_required = true; >+ x->encryption_desired = true; > } > > if (lp_smb_encrypt(-1) == SMB_SIGNING_REQUIRED) { >+ x->encryption_desired = true; > x->global->encryption_required = true; > } > >@@ -222,7 +223,7 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session, > } > } > >- if (x->global->encryption_required) { >+ if (x->encryption_desired) { > *out_session_flags |= SMB2_SESSION_FLAG_ENCRYPT_DATA; > } > >-- >2.4.3 > > >From d3a3814f936be2ab2b38a08e35f245f4344ce554 Mon Sep 17 00:00:00 2001 >From: Michael Adam <obnox@samba.org> >Date: Wed, 1 Jul 2015 18:07:52 +0200 >Subject: [PATCH 6/9] smbd:smb2: only enable encryption in tcon if desired > >Don't enforce it but only announce DATA_ENCRYPT, >making use of encryption_desired in tcon. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372 > >Signed-off-by: Michael Adam <obnox@samba.org> >Reviewed-by: Guenther Deschner <gd@samba.org> >(cherry picked from commit 41cb881e775ea7eb0c59d9e0cafb6ab5531918d9) >--- > source3/smbd/smb2_tcon.c | 9 ++++++--- > 1 file changed, 6 insertions(+), 3 deletions(-) > >diff --git a/source3/smbd/smb2_tcon.c b/source3/smbd/smb2_tcon.c >index da06ea9..e3680a0 100644 >--- a/source3/smbd/smb2_tcon.c >+++ b/source3/smbd/smb2_tcon.c >@@ -184,6 +184,7 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req, > connection_struct *compat_conn = NULL; > struct user_struct *compat_vuser = req->session->compat; > NTSTATUS status; >+ bool encryption_desired = req->session->encryption_desired; > bool encryption_required = req->session->global->encryption_required; > bool guest_session = false; > >@@ -235,12 +236,13 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req, > return NT_STATUS_BAD_NETWORK_NAME; > } > >- if ((lp_smb_encrypt(snum) > SMB_SIGNING_OFF) && >+ if ((lp_smb_encrypt(snum) >= SMB_SIGNING_DESIRED) && > (conn->smb2.client.capabilities & SMB2_CAP_ENCRYPTION)) { >- encryption_required = true; >+ encryption_desired = true; > } > > if (lp_smb_encrypt(snum) == SMB_SIGNING_REQUIRED) { >+ encryption_desired = true; > encryption_required = true; > } > >@@ -269,6 +271,7 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req, > return status; > } > >+ tcon->encryption_desired = encryption_desired; > tcon->global->encryption_required = encryption_required; > > compat_conn = make_connection_smb2(req, >@@ -339,7 +342,7 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req, > *out_share_flags |= SMB2_SHAREFLAG_ACCESS_BASED_DIRECTORY_ENUM; > } > >- if (encryption_required) { >+ if (encryption_desired) { > *out_share_flags |= SMB2_SHAREFLAG_ENCRYPT_DATA; > } > >-- >2.4.3 > > >From eda3d35a535322a84a6aadc0e242d6880f9d8a7f Mon Sep 17 00:00:00 2001 >From: Michael Adam <obnox@samba.org> >Date: Wed, 1 Jul 2015 17:41:38 +0200 >Subject: [PATCH 7/9] smbd:smb2: use encryption_desired in send_break > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372 > >Signed-off-by: Michael Adam <obnox@samba.org> >Reviewed-by: Guenther Deschner <gd@samba.org> >(cherry picked from commit 14357700fd69291995ce6adebb13e7340a63c209) >--- > source3/smbd/smb2_server.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > >diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c >index ebfe1d6..e723f6d 100644 >--- a/source3/smbd/smb2_server.c >+++ b/source3/smbd/smb2_server.c >@@ -2780,8 +2780,8 @@ static NTSTATUS smbd_smb2_send_break(struct smbXsrv_connection *xconn, > > if (session != NULL) { > session_wire_id = session->global->session_wire_id; >- do_encryption = session->global->encryption_required; >- if (tcon->global->encryption_required) { >+ do_encryption = session->encryption_desired; >+ if (tcon->encryption_desired) { > do_encryption = true; > } > } >-- >2.4.3 > > >From e9e6b3466a6ffe1fabf21ac8e68f4a4629fb8f4e Mon Sep 17 00:00:00 2001 >From: Michael Adam <obnox@samba.org> >Date: Tue, 30 Jun 2015 17:46:36 +0200 >Subject: [PATCH 8/9] docs:smb.conf: explain effect of new setting 'desired' of > smb encrypt > >Thereby clarify some details. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372 > >Signed-off-by: Michael Adam <obnox@samba.org> >Reviewed-by: Guenther Deschner <gd@samba.org> >(cherry picked from commit 365d9d8bdfe9759ef9662d0080cf9c9a0767dbf2) >--- > docs-xml/smbdotconf/security/smbencrypt.xml | 66 ++++++++++++++++++++--------- > 1 file changed, 47 insertions(+), 19 deletions(-) > >diff --git a/docs-xml/smbdotconf/security/smbencrypt.xml b/docs-xml/smbdotconf/security/smbencrypt.xml >index 14b32c2..284fe9e 100644 >--- a/docs-xml/smbdotconf/security/smbencrypt.xml >+++ b/docs-xml/smbdotconf/security/smbencrypt.xml >@@ -31,11 +31,15 @@ > <para> > This parameter can be set globally and on a per-share bases. > Possible values are >- <emphasis>off</emphasis> or <emphasis>disabled</emphasis>, >- <emphasis>auto</emphasis> or <emphasis>enabled</emphasis>, and >- <emphasis>mandatory</emphasis> or <emphasis>required</emphasis>. >+ <emphasis>off</emphasis> (or <emphasis>disabled</emphasis>), >+ <emphasis>enabled</emphasis> (or <emphasis>auto</emphasis>, or >+ <emphasis>if_required</emphasis>), >+ <emphasis>desired</emphasis>, >+ and >+ <emphasis>required</emphasis> >+ (or <emphasis>mandatory</emphasis>). > A special value is <emphasis>default</emphasis> which is >- the implicit default setting. >+ the implicit default setting of <emphasis>enabled</emphasis>. > </para> > > <variablelist> >@@ -104,7 +108,7 @@ > <listitem> > <para> > The capability to perform SMB encryption can be >- negotiated during prorocol negotiation. >+ negotiated during protocol negotiation. > </para> > </listitem> > >@@ -146,8 +150,9 @@ > <itemizedlist> > <listitem> > <para> >- Leaving it as default or explicitly setting >- <emphasis>default</emphasis> globally will enable >+ Leaving it as default, explicitly setting >+ <emphasis>default</emphasis>, or setting it to >+ <emphasis>enabled</emphasis> globally will enable > negotiation of encryption but will not turn on > data encryption globally or per share. > </para> >@@ -155,16 +160,20 @@ > > <listitem> > <para> >- Setting it to <emphasis>enabled</emphasis> globally will >- enable negotiation and turn on data encryption globally. >+ Setting it to <emphasis>desired</emphasis> globally >+ will enable negotiation and will turn on data encryption >+ on sessions and share connections for those clients >+ that support it. > </para> > </listitem> > > <listitem> > <para> > Setting it to <emphasis>required</emphasis> globally >- will enable negotiation and enforce data encryption >- globally. >+ will enable negotiation and turn on data encryption >+ on sessions and share connections. Clients that do >+ not support encryption will be denied access to the >+ server. > </para> > </listitem> > >@@ -177,9 +186,10 @@ > > <listitem> > <para> >- Setting it to <emphasis>enabled</emphasis> on a share >- will turn on data encryption for this share if >- negotiation has been enabled globally. >+ Setting it to <emphasis>desired</emphasis> on a share >+ will turn on data encryption for this share for clients >+ that support encryption if negotiation has been >+ enabled globally. > </para> > </listitem> > >@@ -187,16 +197,34 @@ > <para> > Setting it to <emphasis>required</emphasis> on a share > will enforce data encryption for this share if >- negotiation has been enabled globally. Note that this >- allows enforcing to be controlled in Samba more >- fine-grainedly than in Windows. This is a small >- deviation from the MS-SMB2 protocol document. >+ negotiation has been enabled globally. I.e. clients that >+ do not support encryption will be denied access to the >+ share. >+ </para> >+ <para> >+ Note that this allows per-share enforcing to be >+ controlled in Samba differently from Windows: >+ In Windows, <emphasis>RejectUnencryptedAccess</emphasis> >+ is a global setting, and if it is set, all shares with >+ data encryption turned on >+ are automatically enforcing encryption. In order to >+ achieve the same effect in Samba, one >+ has to globally set <emphasis>smb encrypt</emphasis> to >+ <emphasis>enabled</emphasis>, and then set all shares >+ that should be encrypted to >+ <emphasis>required</emphasis>. >+ Additionally, it is possible in Samba to have some >+ shares with encryption <emphasis>required</emphasis> >+ and some other shares with encryption only >+ <emphasis>desired</emphasis>, which is not possible in >+ Windows. > </para> > </listitem> > > <listitem> > <para> >- Setting it to <emphasis>off</emphasis> for a share has >+ Setting it to <emphasis>off</emphasis> or >+ <emphasis>enabled</emphasis> for a share has > no effect. > </para> > </listitem> >-- >2.4.3 > > >From 06e0bc4273d7740c6e1f7e56a1f3626b9dbca22b Mon Sep 17 00:00:00 2001 >From: Michael Adam <obnox@samba.org> >Date: Tue, 7 Jul 2015 17:15:00 +0200 >Subject: [PATCH 9/9] smbd:trans2: treat new SMB_SIGNING_DESIRED in case > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372 > >Signed-off-by: Michael Adam <obnox@samba.org> >Reviewed-by: Guenther Deschner <gd@samba.org> >(cherry picked from commit 76f8d0fbada15c9466f66a2d9961bebd1425d141) >--- > source3/smbd/trans2.c | 1 + > 1 file changed, 1 insertion(+) > >diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c >index 40983cc..a937023 100644 >--- a/source3/smbd/trans2.c >+++ b/source3/smbd/trans2.c >@@ -3608,6 +3608,7 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned > case SMB_SIGNING_OFF: > encrypt_caps = 0; > break; >+ case SMB_SIGNING_DESIRED: > case SMB_SIGNING_IF_REQUIRED: > case SMB_SIGNING_DEFAULT: > encrypt_caps = CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP; >-- >2.4.3 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
obnox
:
review+
gd
:
review+
Actions:
View
Attachments on
bug 11372
:
11218
|
11219
|
11239
| 11240