2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Volker Lendecke 2007
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "smbd/smbd.h"
23 #include "smbd/globals.h"
24 #include "../libcli/auth/spnego.h"
29 extern fstring remote_proto;
31 static void get_challenge(struct smbd_server_connection *sconn, uint8 buff[8])
35 /* We might be called more than once, multiple negprots are
37 if (sconn->smb1.negprot.auth_context) {
38 DEBUG(3, ("get challenge: is this a secondary negprot? "
39 "sconn->negprot.auth_context is non-NULL!\n"));
40 TALLOC_FREE(sconn->smb1.negprot.auth_context);
43 DEBUG(10, ("get challenge: creating negprot_global_auth_context\n"));
44 nt_status = make_auth_context_subsystem(
45 sconn, &sconn->smb1.negprot.auth_context);
46 if (!NT_STATUS_IS_OK(nt_status)) {
47 DEBUG(0, ("make_auth_context_subsystem returned %s",
48 nt_errstr(nt_status)));
49 smb_panic("cannot make_negprot_global_auth_context!");
51 DEBUG(10, ("get challenge: getting challenge\n"));
52 sconn->smb1.negprot.auth_context->get_ntlm_challenge(
53 sconn->smb1.negprot.auth_context, buff);
56 /****************************************************************************
57 Reply for the core protocol.
58 ****************************************************************************/
60 static void reply_corep(struct smb_request *req, uint16 choice)
62 reply_outbuf(req, 1, 0);
63 SSVAL(req->outbuf, smb_vwv0, choice);
65 set_Protocol(PROTOCOL_CORE);
68 /****************************************************************************
69 Reply for the coreplus protocol.
70 ****************************************************************************/
72 static void reply_coreplus(struct smb_request *req, uint16 choice)
74 int raw = (lp_readraw()?1:0) | (lp_writeraw()?2:0);
76 reply_outbuf(req, 13, 0);
78 SSVAL(req->outbuf,smb_vwv0,choice);
79 SSVAL(req->outbuf,smb_vwv5,raw); /* tell redirector we support
80 readbraw and writebraw (possibly) */
81 /* Reply, SMBlockread, SMBwritelock supported. */
82 SCVAL(req->outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
83 SSVAL(req->outbuf,smb_vwv1,0x1); /* user level security, don't
85 set_Protocol(PROTOCOL_COREPLUS);
88 /****************************************************************************
89 Reply for the lanman 1.0 protocol.
90 ****************************************************************************/
92 static void reply_lanman1(struct smb_request *req, uint16 choice)
94 int raw = (lp_readraw()?1:0) | (lp_writeraw()?2:0);
96 time_t t = time(NULL);
97 struct smbd_server_connection *sconn = req->sconn;
99 sconn->smb1.negprot.encrypted_passwords = lp_encrypted_passwords();
101 if (lp_security()>=SEC_USER) {
102 secword |= NEGOTIATE_SECURITY_USER_LEVEL;
104 if (sconn->smb1.negprot.encrypted_passwords) {
105 secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
108 reply_outbuf(req, 13, sconn->smb1.negprot.encrypted_passwords?8:0);
110 SSVAL(req->outbuf,smb_vwv0,choice);
111 SSVAL(req->outbuf,smb_vwv1,secword);
112 /* Create a token value and add it to the outgoing packet. */
113 if (sconn->smb1.negprot.encrypted_passwords) {
114 get_challenge(sconn, (uint8 *)smb_buf(req->outbuf));
115 SSVAL(req->outbuf,smb_vwv11, 8);
118 set_Protocol(PROTOCOL_LANMAN1);
120 /* Reply, SMBlockread, SMBwritelock supported. */
121 SCVAL(req->outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
122 SSVAL(req->outbuf,smb_vwv2,sconn->smb1.negprot.max_recv);
123 SSVAL(req->outbuf,smb_vwv3,lp_maxmux()); /* maxmux */
124 SSVAL(req->outbuf,smb_vwv4,1);
125 SSVAL(req->outbuf,smb_vwv5,raw); /* tell redirector we support
126 readbraw writebraw (possibly) */
127 SIVAL(req->outbuf,smb_vwv6,sys_getpid());
128 SSVAL(req->outbuf,smb_vwv10, set_server_zone_offset(t)/60);
130 srv_put_dos_date((char *)req->outbuf,smb_vwv8,t);
135 /****************************************************************************
136 Reply for the lanman 2.0 protocol.
137 ****************************************************************************/
139 static void reply_lanman2(struct smb_request *req, uint16 choice)
141 int raw = (lp_readraw()?1:0) | (lp_writeraw()?2:0);
143 time_t t = time(NULL);
144 struct smbd_server_connection *sconn = req->sconn;
146 sconn->smb1.negprot.encrypted_passwords = lp_encrypted_passwords();
148 if (lp_security()>=SEC_USER) {
149 secword |= NEGOTIATE_SECURITY_USER_LEVEL;
151 if (sconn->smb1.negprot.encrypted_passwords) {
152 secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
155 reply_outbuf(req, 13, sconn->smb1.negprot.encrypted_passwords?8:0);
157 SSVAL(req->outbuf,smb_vwv0,choice);
158 SSVAL(req->outbuf,smb_vwv1,secword);
159 SIVAL(req->outbuf,smb_vwv6,sys_getpid());
161 /* Create a token value and add it to the outgoing packet. */
162 if (sconn->smb1.negprot.encrypted_passwords) {
163 get_challenge(sconn, (uint8 *)smb_buf(req->outbuf));
164 SSVAL(req->outbuf,smb_vwv11, 8);
167 set_Protocol(PROTOCOL_LANMAN2);
169 /* Reply, SMBlockread, SMBwritelock supported. */
170 SCVAL(req->outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
171 SSVAL(req->outbuf,smb_vwv2,sconn->smb1.negprot.max_recv);
172 SSVAL(req->outbuf,smb_vwv3,lp_maxmux());
173 SSVAL(req->outbuf,smb_vwv4,1);
174 SSVAL(req->outbuf,smb_vwv5,raw); /* readbraw and/or writebraw */
175 SSVAL(req->outbuf,smb_vwv10, set_server_zone_offset(t)/60);
176 srv_put_dos_date((char *)req->outbuf,smb_vwv8,t);
179 /****************************************************************************
180 Generate the spnego negprot reply blob. Return the number of bytes used.
181 ****************************************************************************/
183 DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
185 DATA_BLOB blob = data_blob_null;
186 DATA_BLOB blob_out = data_blob_null;
192 const char *OIDs_krb5[] = {OID_KERBEROS5,
196 const char *OIDs_ntlm[] = {OID_NTLMSSP, NULL};
198 sconn->smb1.negprot.spnego = true;
199 /* strangely enough, NT does not sent the single OID NTLMSSP when
200 not a ADS member, it sends no OIDs at all
202 OLD COMMENT : "we can't do this until we teach our sesssion setup parser to know
203 about raw NTLMSSP (clients send no ASN.1 wrapping if we do this)"
205 Our sessionsetup code now handles raw NTLMSSP connects, so we can go
206 back to doing what W2K3 does here. This is needed to make PocketPC 2003
207 CIFS connections work with SPNEGO. See bugzilla bugs #1828 and #3133
212 if (lp_security() != SEC_ADS && !USE_KERBEROS_KEYTAB) {
214 /* Code for PocketPC client */
215 blob = data_blob(guid, 16);
217 /* Code for standalone WXP client */
218 blob = spnego_gen_negTokenInit(ctx, OIDs_ntlm, NULL, "NONE");
220 } else if (!lp_send_spnego_principal()) {
221 /* By default, Windows 2008 and later sends not_defined_in_RFC4178@please_ignore */
222 blob = spnego_gen_negTokenInit(ctx, OIDs_krb5, NULL, ADS_IGNORE_PRINCIPAL);
225 char *host_princ_s = NULL;
226 name_to_fqdn(myname, global_myname());
228 if (asprintf(&host_princ_s, "cifs/%s@%s", myname, lp_realm())
230 return data_blob_null;
232 blob = spnego_gen_negTokenInit(ctx, OIDs_krb5, NULL, host_princ_s);
233 SAFE_FREE(host_princ_s);
236 blob_out = data_blob_talloc(ctx, NULL, 16 + blob.length);
237 if (blob_out.data == NULL) {
238 data_blob_free(&blob);
239 return data_blob_null;
242 memset(blob_out.data, '\0', 16);
244 checked_strlcpy(unix_name, global_myname(), sizeof(unix_name));
245 strlower_m(unix_name);
246 push_ascii_nstring(dos_name, unix_name);
247 safe_strcpy((char *)blob_out.data, dos_name, 16);
250 /* Fix valgrind 'uninitialized bytes' issue. */
251 slen = strlen(dos_name);
253 memset(blob_out.data+slen, '\0', 16 - slen);
257 memcpy(&blob_out.data[16], blob.data, blob.length);
259 data_blob_free(&blob);
264 /****************************************************************************
265 Reply for the nt protocol.
266 ****************************************************************************/
268 static void reply_nt1(struct smb_request *req, uint16 choice)
270 /* dual names + lock_and_read + nt SMBs + remote API calls */
271 int capabilities = CAP_NT_FIND|CAP_LOCK_AND_READ|
272 CAP_LEVEL_II_OPLOCKS;
275 bool negotiate_spnego = False;
278 struct smbd_server_connection *sconn = req->sconn;
280 sconn->smb1.negprot.encrypted_passwords = lp_encrypted_passwords();
282 /* Check the flags field to see if this is Vista.
283 WinXP sets it and Vista does not. But we have to
284 distinguish from NT which doesn't set it either. */
286 if ( (req->flags2 & FLAGS2_EXTENDED_SECURITY) &&
287 ((req->flags2 & FLAGS2_UNKNOWN_BIT4) == 0) )
289 if (get_remote_arch() != RA_SAMBA) {
290 set_remote_arch( RA_VISTA );
294 reply_outbuf(req,17,0);
296 /* do spnego in user level security if the client
297 supports it and we can do encrypted passwords */
299 if (sconn->smb1.negprot.encrypted_passwords &&
300 (lp_security() != SEC_SHARE) &&
302 (req->flags2 & FLAGS2_EXTENDED_SECURITY)) {
303 negotiate_spnego = True;
304 capabilities |= CAP_EXTENDED_SECURITY;
305 add_to_common_flags2(FLAGS2_EXTENDED_SECURITY);
306 /* Ensure FLAGS2_EXTENDED_SECURITY gets set in this reply
307 (already partially constructed. */
308 SSVAL(req->outbuf, smb_flg2,
309 req->flags2 | FLAGS2_EXTENDED_SECURITY);
312 capabilities |= CAP_NT_SMBS|CAP_RPC_REMOTE_APIS|CAP_UNICODE;
314 if (lp_unix_extensions()) {
315 capabilities |= CAP_UNIX;
318 if (lp_large_readwrite() && (SMB_OFF_T_BITS == 64))
319 capabilities |= CAP_LARGE_READX|CAP_LARGE_WRITEX|CAP_W2K_SMBS;
321 if (SMB_OFF_T_BITS == 64)
322 capabilities |= CAP_LARGE_FILES;
324 if (lp_readraw() && lp_writeraw())
325 capabilities |= CAP_RAW_MODE;
327 if (lp_nt_status_support())
328 capabilities |= CAP_STATUS32;
331 capabilities |= CAP_DFS;
333 if (lp_security() >= SEC_USER) {
334 secword |= NEGOTIATE_SECURITY_USER_LEVEL;
336 if (sconn->smb1.negprot.encrypted_passwords) {
337 secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
340 if (lp_server_signing()) {
341 if (lp_security() >= SEC_USER) {
342 secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED;
343 /* No raw mode with smb signing. */
344 capabilities &= ~CAP_RAW_MODE;
345 if (lp_server_signing() == Required)
346 secword |=NEGOTIATE_SECURITY_SIGNATURES_REQUIRED;
347 srv_set_signing_negotiated(sconn);
349 DEBUG(0,("reply_nt1: smb signing is incompatible with share level security !\n"));
350 if (lp_server_signing() == Required) {
351 exit_server_cleanly("reply_nt1: smb signing required and share level security selected.");
356 SSVAL(req->outbuf,smb_vwv0,choice);
357 SCVAL(req->outbuf,smb_vwv1,secword);
359 set_Protocol(PROTOCOL_NT1);
361 SSVAL(req->outbuf,smb_vwv1+1,lp_maxmux()); /* maxmpx */
362 SSVAL(req->outbuf,smb_vwv2+1,1); /* num vcs */
363 SIVAL(req->outbuf,smb_vwv3+1,
364 sconn->smb1.negprot.max_recv); /* max buffer. LOTS! */
365 SIVAL(req->outbuf,smb_vwv5+1,0x10000); /* raw size. full 64k */
366 SIVAL(req->outbuf,smb_vwv7+1,sys_getpid()); /* session key */
367 SIVAL(req->outbuf,smb_vwv9+1,capabilities); /* capabilities */
368 clock_gettime(CLOCK_REALTIME,&ts);
369 put_long_date_timespec(TIMESTAMP_SET_NT_OR_BETTER,(char *)req->outbuf+smb_vwv11+1,ts);
370 SSVALS(req->outbuf,smb_vwv15+1,set_server_zone_offset(ts.tv_sec)/60);
372 if (!negotiate_spnego) {
373 /* Create a token value and add it to the outgoing packet. */
374 if (sconn->smb1.negprot.encrypted_passwords) {
376 /* note that we do not send a challenge at all if
377 we are using plaintext */
378 get_challenge(sconn, chal);
379 ret = message_push_blob(
380 &req->outbuf, data_blob_const(chal, sizeof(chal)));
382 DEBUG(0, ("Could not push challenge\n"));
383 reply_nterror(req, NT_STATUS_NO_MEMORY);
386 SCVAL(req->outbuf, smb_vwv16+1, ret);
388 ret = message_push_string(&req->outbuf, lp_workgroup(),
389 STR_UNICODE|STR_TERMINATE
392 DEBUG(0, ("Could not push workgroup string\n"));
393 reply_nterror(req, NT_STATUS_NO_MEMORY);
396 DEBUG(3,("not using SPNEGO\n"));
398 DATA_BLOB spnego_blob = negprot_spnego(req, req->sconn);
400 if (spnego_blob.data == NULL) {
401 reply_nterror(req, NT_STATUS_NO_MEMORY);
405 ret = message_push_blob(&req->outbuf, spnego_blob);
407 DEBUG(0, ("Could not push spnego blob\n"));
408 reply_nterror(req, NT_STATUS_NO_MEMORY);
411 data_blob_free(&spnego_blob);
413 SCVAL(req->outbuf,smb_vwv16+1, 0);
414 DEBUG(3,("using SPNEGO\n"));
420 /* these are the protocol lists used for auto architecture detection:
423 protocol [PC NETWORK PROGRAM 1.0]
424 protocol [XENIX CORE]
425 protocol [MICROSOFT NETWORKS 1.03]
427 protocol [Windows for Workgroups 3.1a]
430 protocol [NT LM 0.12]
433 protocol [PC NETWORK PROGRAM 1.0]
434 protocol [XENIX CORE]
435 protocol [MICROSOFT NETWORKS 1.03]
437 protocol [Windows for Workgroups 3.1a]
440 protocol [NT LM 0.12]
443 protocol [PC NETWORK PROGRAM 1.0]
445 protocol [Windows for Workgroups 3.1a]
448 protocol [NT LM 0.12]
451 protocol [PC NETWORK PROGRAM 1.0]
453 protocol [Windows for Workgroups 3.1a]
456 protocol [NT LM 0.12]
460 protocol [PC NETWORK PROGRAM 1.0]
461 protocol [XENIX CORE]
468 * Modified to recognize the architecture of the remote machine better.
470 * This appears to be the matrix of which protocol is used by which
472 Protocol WfWg Win95 WinNT Win2K OS/2 Vista
473 PC NETWORK PROGRAM 1.0 1 1 1 1 1 1
475 MICROSOFT NETWORKS 3.0 2 2
477 MICROSOFT NETWORKS 1.03 3
480 Windows for Workgroups 3.1a 5 5 5 3 3
486 * tim@fsg.com 09/29/95
487 * Win2K added by matty 17/7/99
490 #define ARCH_WFWG 0x3 /* This is a fudge because WfWg is like Win95 */
491 #define ARCH_WIN95 0x2
492 #define ARCH_WINNT 0x4
493 #define ARCH_WIN2K 0xC /* Win2K is like NT */
494 #define ARCH_OS2 0x14 /* Again OS/2 is like NT */
495 #define ARCH_SAMBA 0x20
496 #define ARCH_CIFSFS 0x40
497 #define ARCH_VISTA 0x8C /* Vista is like XP/2K */
499 #define ARCH_ALL 0x7F
501 /* List of supported protocols, most desired first */
502 static const struct {
503 const char *proto_name;
504 const char *short_name;
505 void (*proto_reply_fn)(struct smb_request *req, uint16 choice);
507 } supported_protocols[] = {
508 {"SMB 2.002", "SMB2", reply_smb2002, PROTOCOL_SMB2},
509 {"NT LANMAN 1.0", "NT1", reply_nt1, PROTOCOL_NT1},
510 {"NT LM 0.12", "NT1", reply_nt1, PROTOCOL_NT1},
511 {"POSIX 2", "NT1", reply_nt1, PROTOCOL_NT1},
512 {"LANMAN2.1", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
513 {"LM1.2X002", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
514 {"Samba", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
515 {"DOS LM1.2X002", "LANMAN2", reply_lanman2, PROTOCOL_LANMAN2},
516 {"LANMAN1.0", "LANMAN1", reply_lanman1, PROTOCOL_LANMAN1},
517 {"MICROSOFT NETWORKS 3.0", "LANMAN1", reply_lanman1, PROTOCOL_LANMAN1},
518 {"MICROSOFT NETWORKS 1.03", "COREPLUS", reply_coreplus, PROTOCOL_COREPLUS},
519 {"PC NETWORK PROGRAM 1.0", "CORE", reply_corep, PROTOCOL_CORE},
523 /****************************************************************************
525 conn POINTER CAN BE NULL HERE !
526 ****************************************************************************/
528 void reply_negprot(struct smb_request *req)
537 size_t converted_size;
538 struct smbd_server_connection *sconn = req->sconn;
540 START_PROFILE(SMBnegprot);
542 if (sconn->smb1.negprot.done) {
543 END_PROFILE(SMBnegprot);
544 exit_server_cleanly("multiple negprot's are not permitted");
546 sconn->smb1.negprot.done = true;
548 if (req->buflen == 0) {
549 DEBUG(0, ("negprot got no protocols\n"));
550 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
551 END_PROFILE(SMBnegprot);
555 if (req->buf[req->buflen-1] != '\0') {
556 DEBUG(0, ("negprot protocols not 0-terminated\n"));
557 reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
558 END_PROFILE(SMBnegprot);
562 p = (const char *)req->buf + 1;
567 while (smbreq_bufrem(req, p) > 0) {
571 tmp = TALLOC_REALLOC_ARRAY(talloc_tos(), cliprotos, char *,
574 DEBUG(0, ("talloc failed\n"));
575 TALLOC_FREE(cliprotos);
576 reply_nterror(req, NT_STATUS_NO_MEMORY);
577 END_PROFILE(SMBnegprot);
583 if (!pull_ascii_talloc(cliprotos, &cliprotos[num_cliprotos], p,
585 DEBUG(0, ("pull_ascii_talloc failed\n"));
586 TALLOC_FREE(cliprotos);
587 reply_nterror(req, NT_STATUS_NO_MEMORY);
588 END_PROFILE(SMBnegprot);
592 DEBUG(3, ("Requested protocol [%s]\n",
593 cliprotos[num_cliprotos]));
599 for (i=0; i<num_cliprotos; i++) {
600 if (strcsequal(cliprotos[i], "Windows for Workgroups 3.1a"))
601 arch &= ( ARCH_WFWG | ARCH_WIN95 | ARCH_WINNT
603 else if (strcsequal(cliprotos[i], "DOS LM1.2X002"))
604 arch &= ( ARCH_WFWG | ARCH_WIN95 );
605 else if (strcsequal(cliprotos[i], "DOS LANMAN2.1"))
606 arch &= ( ARCH_WFWG | ARCH_WIN95 );
607 else if (strcsequal(cliprotos[i], "NT LM 0.12"))
608 arch &= ( ARCH_WIN95 | ARCH_WINNT | ARCH_WIN2K
610 else if (strcsequal(cliprotos[i], "SMB 2.001"))
612 else if (strcsequal(cliprotos[i], "LANMAN2.1"))
613 arch &= ( ARCH_WINNT | ARCH_WIN2K | ARCH_OS2 );
614 else if (strcsequal(cliprotos[i], "LM1.2X002"))
615 arch &= ( ARCH_WINNT | ARCH_WIN2K | ARCH_OS2 );
616 else if (strcsequal(cliprotos[i], "MICROSOFT NETWORKS 1.03"))
618 else if (strcsequal(cliprotos[i], "XENIX CORE"))
619 arch &= ( ARCH_WINNT | ARCH_OS2 );
620 else if (strcsequal(cliprotos[i], "Samba")) {
623 } else if (strcsequal(cliprotos[i], "POSIX 2")) {
629 /* CIFSFS can send one arch only, NT LM 0.12. */
630 if (i == 1 && (arch & ARCH_CIFSFS)) {
636 set_remote_arch(RA_CIFSFS);
639 set_remote_arch(RA_SAMBA);
642 set_remote_arch(RA_WFWG);
645 set_remote_arch(RA_WIN95);
648 if(req->flags2 == FLAGS2_WIN2K_SIGNATURE)
649 set_remote_arch(RA_WIN2K);
651 set_remote_arch(RA_WINNT);
654 /* Vista may have been set in the negprot so don't
656 if ( get_remote_arch() != RA_VISTA )
657 set_remote_arch(RA_WIN2K);
660 set_remote_arch(RA_VISTA);
663 set_remote_arch(RA_OS2);
666 set_remote_arch(RA_UNKNOWN);
670 /* possibly reload - change of architecture */
671 reload_services(sconn->msg_ctx, sconn->sock, True);
673 /* moved from the netbios session setup code since we don't have that
674 when the client connects to port 445. Of course there is a small
675 window where we are listening to messages -- jerry */
677 serverid_register(sconn_server_id(sconn),
678 FLAG_MSG_GENERAL|FLAG_MSG_SMBD
679 |FLAG_MSG_PRINT_GENERAL);
681 /* Check for protocols, most desirable first */
682 for (protocol = 0; supported_protocols[protocol].proto_name; protocol++) {
684 if ((supported_protocols[protocol].protocol_level <= lp_maxprotocol()) &&
685 (supported_protocols[protocol].protocol_level >= lp_minprotocol()))
686 while (i < num_cliprotos) {
687 if (strequal(cliprotos[i],supported_protocols[protocol].proto_name))
696 fstrcpy(remote_proto,supported_protocols[protocol].short_name);
697 reload_services(sconn->msg_ctx, sconn->sock, True);
698 supported_protocols[protocol].proto_reply_fn(req, choice);
699 DEBUG(3,("Selected protocol %s\n",supported_protocols[protocol].proto_name));
701 DEBUG(0,("No protocol supported !\n"));
702 reply_outbuf(req, 1, 0);
703 SSVAL(req->outbuf, smb_vwv0, choice);
706 DEBUG( 5, ( "negprot index=%d\n", choice ) );
708 if ((lp_server_signing() == Required) && (get_Protocol() < PROTOCOL_NT1)) {
709 exit_server_cleanly("SMB signing is required and "
710 "client negotiated a downlevel protocol");
713 TALLOC_FREE(cliprotos);
714 END_PROFILE(SMBnegprot);