Merge pull request #15639 from iterate-ch/feature/GH-15638

Set encrypt data and signing by default
iterate-ch · Feb 25, 2024 · dec4e34 · dec4e34
2 parents 3ac5c67 + 8b001ca
commit dec4e34
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 7 deletions.
diff --git a/core/src/main/java/ch/cyberduck/core/Session.java b/core/src/main/java/ch/cyberduck/core/Session.java
@@ -33,8 +33,8 @@
 import ch.cyberduck.core.features.Upload;
 import ch.cyberduck.core.features.Versioning;
 import ch.cyberduck.core.features.Write;
-import ch.cyberduck.core.preferences.Preferences;
-import ch.cyberduck.core.preferences.PreferencesFactory;
+import ch.cyberduck.core.preferences.HostPreferences;
+import ch.cyberduck.core.preferences.PreferencesReader;
 import ch.cyberduck.core.proxy.Proxy;
 import ch.cyberduck.core.shared.*;
 import ch.cyberduck.core.threading.CancelCallback;
@@ -82,7 +82,7 @@ public boolean alert(final ConnectionCallback callback) throws BackgroundExcepti
         if(host.getCredentials().isAnonymousLogin()) {
             return false;
         }
-        final Preferences preferences = PreferencesFactory.get();
+        final PreferencesReader preferences = new HostPreferences(host);
         if(preferences.getBoolean(String.format("connection.unsecure.%s", host.getHostname()))) {
             return false;
         }

diff --git a/core/src/main/java/ch/cyberduck/core/preferences/Preferences.java b/core/src/main/java/ch/cyberduck/core/preferences/Preferences.java
@@ -291,9 +291,6 @@ protected void setDefaults() {
         if(this.getBoolean("connection.dns.ipv6")) {
             System.setProperty("java.net.preferIPv6Addresses", String.valueOf(true));
         }
-        this.setDefault(String.format("connection.unsecure.warning.%s", Scheme.ftp), String.valueOf(true));
-        this.setDefault(String.format("connection.unsecure.warning.%s", Scheme.http), String.valueOf(true));
-        this.setDefault(String.format("connection.unsecure.warning.%s", Scheme.smb), String.valueOf(false));
 
         // TTL for DNS queries
         Security.setProperty("networkaddress.cache.ttl", "10");

diff --git a/defaults/src/main/resources/default.properties b/defaults/src/main/resources/default.properties
@@ -529,7 +529,8 @@ smb.domain.default=WORKGROUP
 # Enable distributed filesystem path resolver
 smb.dfs.enable=true
 # Requires that messages from the server are signed
-smb.signing.required=false
+smb.signing.required=true
+smb.encrypt.enable=true
 smb.socket.timeout=0
 smb.protocol.negotiate.enable=true
 
@@ -573,6 +574,7 @@ connection.proxy.windows.authentication.enable=false
 # Warning when opening connections sending credentials in plaintext
 connection.unsecure.warning.ftp=true
 connection.unsecure.warning.http=true
+connection.unsecure.warning.smb=true
 connection.ssl.provider.bouncycastle.position=1
 # Register bouncy castle as preferred provider. Used in Cyptomator, SSL and SSH
 connection.ssl.protocols=TLSv1.3,TLSv1.2,TLSv1.1,TLSv1

diff --git a/smb/src/main/java/ch/cyberduck/core/smb/SMBSession.java b/smb/src/main/java/ch/cyberduck/core/smb/SMBSession.java
@@ -15,6 +15,7 @@
  * GNU General Public License for more details.
  */
 
+import ch.cyberduck.core.ConnectionCallback;
 import ch.cyberduck.core.ConnectionTimeoutFactory;
 import ch.cyberduck.core.Credentials;
 import ch.cyberduck.core.Host;
@@ -151,6 +152,7 @@ protected Connection connect(final Proxy proxy, final HostKeyCallback key, final
                     .withSoTimeout(new HostPreferences(host).getLong("smb.socket.timeout"), TimeUnit.SECONDS)
                     .withAuthenticators(new NtlmAuthenticator.Factory())
                     .withDfsEnabled(new HostPreferences(host).getBoolean("smb.dfs.enable"))
+                    .withEncryptData(new HostPreferences(host).getBoolean("smb.encrypt.enable"))
                     .withSigningRequired(new HostPreferences(host).getBoolean("smb.signing.required"))
                     .withRandomProvider(SecureRandomProviderFactory.get().provide())
                     .withMultiProtocolNegotiate(new HostPreferences(host).getBoolean("smb.protocol.negotiate.enable"))
@@ -166,6 +168,14 @@ protected Connection connect(final Proxy proxy, final HostKeyCallback key, final
         }
     }
 
+    @Override
+    public boolean alert(final ConnectionCallback callback) throws BackgroundException {
+        if(client.getConnectionContext().supportsEncryption()) {
+            return false;
+        }
+        return super.alert(callback);
+    }
+
     @Override
     public void login(final Proxy proxy, final LoginCallback prompt, final CancelCallback cancel) throws BackgroundException {
         final AuthenticationContext context;