34 lines
1.0 KiB
Diff
34 lines
1.0 KiB
Diff
From d88a2d900f5eaab0acda0d0715a5c8ad7e92b315 Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schneider <asn@samba.org>
|
|
Date: Tue, 16 Apr 2019 11:41:46 +0200
|
|
Subject: [PATCH 197/208] s3:param: Force SMB encryption for DECRPC over named
|
|
pipes
|
|
|
|
If we do not allow weak crypto, we need to secure DCERPC with strong
|
|
crypto.
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
---
|
|
source3/param/loadparm.c | 5 +++++
|
|
1 file changed, 5 insertions(+)
|
|
|
|
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
|
|
index 923c2473662..b52e2bcb036 100644
|
|
--- a/source3/param/loadparm.c
|
|
+++ b/source3/param/loadparm.c
|
|
@@ -1616,6 +1616,11 @@ static bool lp_add_ipc(const char *ipc_name, bool guest_ok)
|
|
ServicePtrs[i]->browseable = sDefault.browseable;
|
|
ServicePtrs[i]->autoloaded = false;
|
|
|
|
+ /* Force SMB encryption for DECRPC over named pipes. */
|
|
+ if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_DISALLOWED) {
|
|
+ ServicePtrs[i]->smb_encrypt = SMB_SIGNING_REQUIRED;
|
|
+ }
|
|
+
|
|
DEBUG(3, ("adding IPC service\n"));
|
|
|
|
TALLOC_FREE(comment);
|
|
--
|
|
2.23.0
|
|
|