diff options
author | Michael Adam <obnox@samba.org> | 2011-09-21 03:56:30 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2011-09-21 11:00:09 +0200 |
commit | 39dcf4bf02d13201b2da11f4b9fd3b972da87c80 (patch) | |
tree | 5100bebe34cc487b98aef1bdd08f92601b4344a7 | |
parent | 95b2e5aa56814e04f060403b8805c5c562805ee9 (diff) | |
download | samba-39dcf4bf02d13201b2da11f4b9fd3b972da87c80.tar.gz samba-39dcf4bf02d13201b2da11f4b9fd3b972da87c80.tar.bz2 samba-39dcf4bf02d13201b2da11f4b9fd3b972da87c80.zip |
s3:smb2-server: session setup replies should always be signed (except for guest sessions)
not only if the session should be signed
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Sep 21 11:00:09 CEST 2011 on sn-devel-104
-rw-r--r-- | source3/smbd/smb2_sesssetup.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index e535f17e49..c81baa53dc 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c @@ -169,6 +169,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session, char *real_username; bool username_was_mapped = false; bool map_domainuser_to_guest = false; + bool guest = false; if (!spnego_parse_krb5_wrap(talloc_tos(), *secblob, &ticket, tok_id)) { status = NT_STATUS_LOGON_FAILURE; @@ -232,6 +233,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session, *out_session_flags |= SMB2_SESSION_FLAG_IS_NULL; /* force no signing */ session->do_signing = false; + guest = true; } session->session_key = session->session_info->session_key; @@ -267,7 +269,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session, * so that the response can be signed */ smb2req->session = session; - if (session->do_signing) { + if (guest) { smb2req->do_signing = true; } @@ -429,6 +431,8 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s uint16_t *out_session_flags, uint64_t *out_session_id) { + bool guest = false; + if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) || lp_server_signing() == Required) { session->do_signing = true; @@ -440,6 +444,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s *out_session_flags |= SMB2_SESSION_FLAG_IS_NULL; /* force no signing */ session->do_signing = false; + guest = true; } session->session_key = session->session_info->session_key; @@ -479,7 +484,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s * so that the response can be signed */ smb2req->session = session; - if (session->do_signing) { + if (!guest) { smb2req->do_signing = true; } |