struct smb_signing_state *smb_signing_init(TALLOC_CTX *mem_ctx,
bool allowed,
bool desired,
bool mandatory)
{
return smb_signing_init_ex(mem_ctx, allowed, desired, mandatory,
NULL, NULL);
}
bool srv_init_signing(struct smbd_server_connection *conn)
{
bool allowed = true;
bool desired;
bool mandatory = false;
switch (lp_server_signing()) {
case SMB_SIGNING_REQUIRED:
mandatory = true;
break;
case SMB_SIGNING_IF_REQUIRED:
break;
case SMB_SIGNING_DEFAULT:
case SMB_SIGNING_OFF:
allowed = false;
break;
}
/*
* if the client and server allow signing,
* we desire to use it.
*
* This matches Windows behavior and is needed
* because not every client that requires signing
* sends FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED.
*/
desired = allowed;
if (lp_async_smb_echo_handler()) {
struct smbd_shm_signing *s;
/* setup the signing state in shared memory */
s = talloc_zero(conn, struct smbd_shm_signing);
if (s == NULL) {
return false;
}
s->shm_size = 4096;
s->shm_pointer =
(uint8_t *)anonymous_shared_allocate(s->shm_size);
if (s->shm_pointer == NULL) {
talloc_free(s);
return false;
}
talloc_set_destructor(s, smbd_shm_signing_destructor);
conn->smb1.signing_state = smb_signing_init_ex(s,
allowed, desired, mandatory,
smbd_shm_signing_alloc,
smbd_shm_signing_free);
if (!conn->smb1.signing_state) {
return false;
}
return true;
}
conn->smb1.signing_state = smb_signing_init(conn,
allowed, desired, mandatory);
if (!conn->smb1.signing_state) {
return false;
}
return true;
}
