s3:smb2_tcon: reject access to shares mark as "smb encrypt = required"

author Stefan Metzmacher <metze@samba.org>

Mon, 23 Jul 2012 11:47:24 +0000 (13:47 +0200)

committer Stefan Metzmacher <metze@samba.org>

Mon, 23 Jul 2012 16:19:36 +0000 (18:19 +0200)
author Stefan Metzmacher <metze@samba.org>
Mon, 23 Jul 2012 11:47:24 +0000 (13:47 +0200)
committer Stefan Metzmacher <metze@samba.org>
Mon, 23 Jul 2012 16:19:36 +0000 (18:19 +0200)
diff --git a/source3/smbd/smb2_tcon.c b/source3/smbd/smb2_tcon.c

index 4549d3aa8481bb22d08a6a68add4080a45f41cb3..96a5c12b2aef51379d511a65306b2854d7db0c91 100644 (file)
--- a/source3/smbd/smb2_tcon.c
+++ b/source3/smbd/smb2_tcon.c
@@ -231,6 +231,14 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req,
                 return NT_STATUS_BAD_NETWORK_NAME;
         }
  
+       if (lp_smb_encrypt(snum) == SMB_SIGNING_REQUIRED) {
+               status = NT_STATUS_ACCESS_DENIED;
+               DEBUG(3,("smbd_smb2_tree_connect: "
+                        "service %s needs encryption - %s\n",
+                        service, nt_errstr(status)));
+               return status;
+       }
+
         /* create a new tcon as child of the session */
         status = smb2srv_tcon_create(req->session, now, &tcon);
         if (!NT_STATUS_IS_OK(status)) {
author	Stefan Metzmacher <metze@samba.org>
	Mon, 23 Jul 2012 11:47:24 +0000 (13:47 +0200)
committer	Stefan Metzmacher <metze@samba.org>
	Mon, 23 Jul 2012 16:19:36 +0000 (18:19 +0200)