git.samba.org
/
samba.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
CVE-2016-2114: s3:smbd: use the correct default values for "smb signing"
[samba.git]
/
source3
/
smbd
/
negprot.c
diff --git
a/source3/smbd/negprot.c
b/source3/smbd/negprot.c
index 759042183902b426276c4c9fc8abe73fe7e7f487..d2e5e2ee27e3b86c07069d9e583fcedda5a457ca 100644
(file)
--- a/
source3/smbd/negprot.c
+++ b/
source3/smbd/negprot.c
@@
-543,6
+543,7
@@
void reply_negprot(struct smb_request *req)
size_t converted_size;
struct smbXsrv_connection *xconn = req->xconn;
struct smbd_server_connection *sconn = req->sconn;
size_t converted_size;
struct smbXsrv_connection *xconn = req->xconn;
struct smbd_server_connection *sconn = req->sconn;
+ bool signing_required = true;
START_PROFILE(SMBnegprot);
START_PROFILE(SMBnegprot);
@@
-716,8
+717,9
@@
void reply_negprot(struct smb_request *req)
DEBUG( 5, ( "negprot index=%d\n", choice ) );
DEBUG( 5, ( "negprot index=%d\n", choice ) );
- if ((lp_server_signing() == SMB_SIGNING_REQUIRED)
- && (chosen_level < PROTOCOL_NT1)) {
+ /* We always have xconn->smb1.signing_state also for >= SMB2_02 */
+ signing_required = smb_signing_is_mandatory(xconn->smb1.signing_state);
+ if (signing_required && (chosen_level < PROTOCOL_NT1)) {
exit_server_cleanly("SMB signing is required and "
"client negotiated a downlevel protocol");
}
exit_server_cleanly("SMB signing is required and "
"client negotiated a downlevel protocol");
}