#include "libds/common/roles.h"
#include "lib/util/samba_util.h"
#include "libcli/auth/ntlm_check.h"
+#include "lib/crypto/gnutls_helpers.h"
#ifdef HAVE_HTTPCONNECTENCRYPT
#include <cups/http.h>
return lp_ctx->globals->rpc_high_port;
}
+enum samba_weak_crypto lpcfg_weak_crypto(struct loadparm_context *lp_ctx)
+{
+ if (lp_ctx->globals->weak_crypto == SAMBA_WEAK_CRYPTO_UNKNOWN) {
+ lp_ctx->globals->weak_crypto = SAMBA_WEAK_CRYPTO_DISALLOWED;
+
+ if (samba_gnutls_weak_crypto_allowed()) {
+ lp_ctx->globals->weak_crypto = SAMBA_WEAK_CRYPTO_ALLOWED;
+ }
+ }
+
+ return lp_ctx->globals->weak_crypto;
+}
+
/**
* Convenience routine to grab string parameters into temporary memory
* and run standard_sub_basic on them.
lp_ctx->globals->ctx = lp_ctx->globals;
lp_ctx->globals->rpc_low_port = SERVER_TCP_LOW_PORT;
lp_ctx->globals->rpc_high_port = SERVER_TCP_HIGH_PORT;
+ lp_ctx->globals->weak_crypto = SAMBA_WEAK_CRYPTO_UNKNOWN;
lp_ctx->sDefault = talloc_zero(lp_ctx, struct loadparm_service);
lp_ctx->flags = talloc_zero_array(lp_ctx, unsigned int, num_parameters());
SPOTLIGHT_BACKEND_ES,
};
+/* FIPS values */
+enum samba_weak_crypto {
+ SAMBA_WEAK_CRYPTO_UNKNOWN,
+ SAMBA_WEAK_CRYPTO_ALLOWED,
+ SAMBA_WEAK_CRYPTO_DISALLOWED,
+};
+
/*
* Default passwd chat script.
*/
struct parmlist_entry *param_opt; \
char *dnsdomain; \
int rpc_low_port; \
- int rpc_high_port;
+ int rpc_high_port; \
+ enum samba_weak_crypto weak_crypto;
const char* server_role_str(uint32_t role);
int lp_find_server_role(int server_role, int security, int domain_logons, int domain_master);
pc_files='samba-hostconfig.pc',
vnum='0.0.1',
deps='DYNCONFIG server-role tdb',
- public_deps='samba-util param_local.h',
+ public_deps='GNUTLS_HELPERS samba-util param_local.h',
public_headers='param.h',
autoproto='param_proto.h'
)
int lp_rpc_low_port(void);
int lp_rpc_high_port(void);
bool lp_lanman_auth(void);
+enum samba_weak_crypto lp_weak_crypto(void);
int lp_wi_scan_global_parametrics(
const char *regex, size_t max_matches,
#include "librpc/gen_ndr/nbt.h"
#include "source4/lib/tls/tls.h"
#include "libcli/auth/ntlm_check.h"
+#include "lib/crypto/gnutls_helpers.h"
#ifdef HAVE_SYS_SYSCTL_H
#include <sys/sysctl.h>
return flags_list;
}
+
+enum samba_weak_crypto lp_weak_crypto()
+{
+ if (Globals.weak_crypto == SAMBA_WEAK_CRYPTO_UNKNOWN) {
+ Globals.weak_crypto = SAMBA_WEAK_CRYPTO_DISALLOWED;
+
+ if (samba_gnutls_weak_crypto_allowed()) {
+ Globals.weak_crypto = SAMBA_WEAK_CRYPTO_ALLOWED;
+ }
+ }
+
+ return Globals.weak_crypto;
+}