s3:smb2-server: session setup replies should always be signed (except for guest sessions)

not only if the session should be signed

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Sep 21 11:00:09 CEST 2011 on sn-devel-104

diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index e535f17e4981a4ecbdce4949359e9c9f282c3299..c81baa53dc94dbf5968b69416e90b51aa06861d9 100644 (file)
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -169,6 +169,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session,
        char *real_username;
        bool username_was_mapped = false;
        bool map_domainuser_to_guest = false;
+       bool guest = false;
 
        if (!spnego_parse_krb5_wrap(talloc_tos(), *secblob, &ticket, tok_id)) {
                status = NT_STATUS_LOGON_FAILURE;
@@ -232,6 +233,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session,
                *out_session_flags |= SMB2_SESSION_FLAG_IS_NULL;
                /* force no signing */
                session->do_signing = false;
+               guest = true;
        }
 
        session->session_key = session->session_info->session_key;
@@ -267,7 +269,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session,
         * so that the response can be signed
         */
        smb2req->session = session;
-       if (session->do_signing) {
+       if (guest) {
                smb2req->do_signing = true;
        }
 
@@ -429,6 +431,8 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
                                        uint16_t *out_session_flags,
                                        uint64_t *out_session_id)
 {
+       bool guest = false;
+
        if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) ||
            lp_server_signing() == Required) {
                session->do_signing = true;
@@ -440,6 +444,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
                *out_session_flags |= SMB2_SESSION_FLAG_IS_NULL;
                /* force no signing */
                session->do_signing = false;
+               guest = true;
        }
 
        session->session_key = session->session_info->session_key;
@@ -479,7 +484,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
         * so that the response can be signed
         */
        smb2req->session = session;
-       if (session->do_signing) {
+       if (!guest) {
                smb2req->do_signing = true;
        }