libcli/smb: use conn->smb2.server.cipher != 0 instead of conn->smb2.server.capabiliti...

author Stefan Metzmacher <metze@samba.org>

Mon, 13 Oct 2014 08:39:45 +0000 (10:39 +0200)

committer Jeremy Allison <jra@samba.org>

Thu, 16 Oct 2014 17:30:04 +0000 (19:30 +0200)
author Stefan Metzmacher <metze@samba.org>
Mon, 13 Oct 2014 08:39:45 +0000 (10:39 +0200)
committer Jeremy Allison <jra@samba.org>
Thu, 16 Oct 2014 17:30:04 +0000 (19:30 +0200)
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c

index 4daaf2acfdf37277fccc8e2c98ba4586d132f7ba..1b87a0069c960af5bf2351e678ea7b1a2a88156b 100644 (file)
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -4620,6 +4620,12 @@ static void smbXcli_negprot_smb2_done(struct tevent_req *subreq)
                 return;
         }
  
+       if (conn->smb2.server.capabilities & SMB2_CAP_ENCRYPTION) {
+               tevent_req_nterror(req,
+                               NT_STATUS_INVALID_NETWORK_RESPONSE);
+               return;
+       }
+
         negotiate_context_offset = IVAL(body, 60);
         if (negotiate_context_offset < security_offset) {
                 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
@@ -4689,12 +4695,6 @@ static void smbXcli_negprot_smb2_done(struct tevent_req *subreq)
         if (cipher != NULL) {
                 uint16_t cipher_count;
  
-               if (conn->smb2.server.capabilities & SMB2_CAP_ENCRYPTION) {
-                       tevent_req_nterror(req,
-                                       NT_STATUS_INVALID_NETWORK_RESPONSE);
-                       return;
-               }
-
                 if (cipher->data.length < 2) {
                         tevent_req_nterror(req,
                                         NT_STATUS_INVALID_NETWORK_RESPONSE);
@@ -4722,23 +4722,8 @@ static void smbXcli_negprot_smb2_done(struct tevent_req *subreq)
  
                         if (cipher_selected == SMB2_ENCRYPTION_AES128_CCM) {
                                 conn->smb2.server.cipher = cipher_selected;
-                               conn->smb2.server.capabilities |= SMB2_CAP_ENCRYPTION;
                         }
                 }
-       } else {
-               if (conn->smb2.server.capabilities & SMB2_CAP_ENCRYPTION) {
-                       tevent_req_nterror(req,
-                                       NT_STATUS_INVALID_NETWORK_RESPONSE);
-                       return;
-               }
-       }
-
-       if (conn->smb2.server.cipher == 0) {
-               /*
-                * We didn't manage to negotiate a common encryption
-                * algorithm.
-                */
-               conn->smb2.server.capabilities &= ~SMB2_CAP_ENCRYPTION;
         }
  
         /* First we hash the request */
@@ -5576,7 +5561,7 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
                 session->smb2->should_encrypt = false;
         }
  
-       if (!(conn->smb2.server.capabilities & SMB2_CAP_ENCRYPTION)) {
+       if (conn->smb2.server.cipher == 0) {
                 session->smb2->should_encrypt = false;
         }
  
@@ -5707,7 +5692,7 @@ NTSTATUS smb2cli_session_encryption_on(struct smbXcli_session *session)
                 return NT_STATUS_NOT_SUPPORTED;
         }
  
-       if (!(session->conn->smb2.server.capabilities & SMB2_CAP_ENCRYPTION)) {
+       if (session->conn->smb2.server.cipher == 0) {
                 return NT_STATUS_NOT_SUPPORTED;
         }
author	Stefan Metzmacher <metze@samba.org>
	Mon, 13 Oct 2014 08:39:45 +0000 (10:39 +0200)
committer	Jeremy Allison <jra@samba.org>
	Thu, 16 Oct 2014 17:30:04 +0000 (19:30 +0200)