DATA_BLOB security_buffer;
size_t expected_dyn_size = 0;
size_t c;
- uint16_t security_mode;
+ uint16_t security_mode = 0;
uint16_t dialect_count;
uint16_t in_security_mode;
uint32_t in_capabilities;
return smbd_smb2_request_error(req, NT_STATUS_INTERNAL_ERROR);
}
- security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
- if (lp_server_signing() == SMB_SIGNING_REQUIRED) {
- security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
+ if (lp_server_signing() != SMB_SIGNING_OFF) {
+ security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
+ if (lp_server_signing() == SMB_SIGNING_REQUIRED) {
+ security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
+ }
}
capabilities = 0;
struct smbXsrv_session *x = session;
struct smbXsrv_connection *conn = session->connection;
+ if ((lp_server_signing() == SMB_SIGNING_OFF) &&
+ (in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED)) {
+ DEBUG(0,("SMB2 signing required and we have disabled it.\n"));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) ||
lp_server_signing() == SMB_SIGNING_REQUIRED) {
x->global->signing_required = true;