fixed mandatory signing

author Andrew Tridgell <tridge@samba.org>

Sat, 7 Jun 2008 15:14:25 +0000 (08:14 -0700)

committer Andrew Tridgell <tridge@samba.org>

Sat, 7 Jun 2008 15:14:25 +0000 (08:14 -0700)
author Andrew Tridgell <tridge@samba.org>
Sat, 7 Jun 2008 15:14:25 +0000 (08:14 -0700)
committer Andrew Tridgell <tridge@samba.org>
Sat, 7 Jun 2008 15:14:25 +0000 (08:14 -0700)
diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c

index 2da39001ab1f4045d2c1566f1b8b5ee07d2efd9f..3e6e2e1a43c9b2a222f91062bc37bc605788ec72 100644 (file)
--- a/source4/smb_server/smb2/negprot.c
+++ b/source4/smb_server/smb2/negprot.c
@@ -121,6 +121,8 @@ static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2
                 break;
         case SMB_SIGNING_REQUIRED:
                 io->out.security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED | SMB2_NEGOTIATE_SIGNING_REQUIRED;
+               /* force signing on immediately */
+               req->smb_conn->doing_signing = true;
                 break;
         }
         io->out.dialect_revision   = SMB2_DIALECT_REVISION;
diff --git a/source4/smb_server/smb2/receive.c b/source4/smb_server/smb2/receive.c

index 3def8fe56380d1fcef545a0a4b0b8fb77906f1fb..2f4e9df2b6ab9cb4c8692290db1348841709e324 100644 (file)
--- a/source4/smb_server/smb2/receive.c
+++ b/source4/smb_server/smb2/receive.c
@@ -321,6 +321,10 @@ static NTSTATUS smb2srv_reply(struct smb2srv_request *req)
                         smb2srv_send_error(req, status);
                         return NT_STATUS_OK;                    
                 }
+       } else if (req->smb_conn->doing_signing && req->session != NULL) {
+               /* we require signing and this request was not signed */
+               smb2srv_send_error(req, NT_STATUS_ACCESS_DENIED);
+               return NT_STATUS_OK;                                    
         }
  
         /* TODO: check the seqnum */
diff --git a/source4/smb_server/smb2/sesssetup.c b/source4/smb_server/smb2/sesssetup.c

index 482dd181c27a2fc3b2ba10b7a20ba639a1d3cf67..9fb3220005563ab0fe65eba28f3a8d70cb812d67 100644 (file)
--- a/source4/smb_server/smb2/sesssetup.c
+++ b/source4/smb_server/smb2/sesssetup.c
@@ -181,8 +181,7 @@ static void smb2srv_sesssetup_backend(struct smb2srv_request *req, union smb_ses
         /* note that we ignore SMB2_NEGOTIATE_SIGNING_ENABLED from the client.
            This is deliberate as windows does not set it even when it does 
            set SMB2_NEGOTIATE_SIGNING_REQUIRED */
-       if ((io->smb2.in.security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) ||
-           lp_server_signing(req->smb_conn->lp_ctx) == SMB_SIGNING_REQUIRED) {
+       if (io->smb2.in.security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) {
                 req->smb_conn->doing_signing = true;
         }
author	Andrew Tridgell <tridge@samba.org>
	Sat, 7 Jun 2008 15:14:25 +0000 (08:14 -0700)
committer	Andrew Tridgell <tridge@samba.org>
	Sat, 7 Jun 2008 15:14:25 +0000 (08:14 -0700)
source4/smb_server/smb2/negprot.c		patch \| blob \| history
source4/smb_server/smb2/receive.c		patch \| blob \| history
source4/smb_server/smb2/sesssetup.c		patch \| blob \| history