summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Adam <obnox@samba.org>2011-09-21 03:56:30 +0200
committerStefan Metzmacher <metze@samba.org>2011-09-21 11:00:09 +0200
commit39dcf4bf02d13201b2da11f4b9fd3b972da87c80 (patch)
tree5100bebe34cc487b98aef1bdd08f92601b4344a7
parent95b2e5aa56814e04f060403b8805c5c562805ee9 (diff)
downloadsamba-39dcf4bf02d13201b2da11f4b9fd3b972da87c80.tar.gz
samba-39dcf4bf02d13201b2da11f4b9fd3b972da87c80.tar.bz2
samba-39dcf4bf02d13201b2da11f4b9fd3b972da87c80.zip
s3:smb2-server: session setup replies should always be signed (except for guest sessions)
not only if the session should be signed Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Sep 21 11:00:09 CEST 2011 on sn-devel-104
-rw-r--r--source3/smbd/smb2_sesssetup.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index e535f17e49..c81baa53dc 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -169,6 +169,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session,
char *real_username;
bool username_was_mapped = false;
bool map_domainuser_to_guest = false;
+ bool guest = false;
if (!spnego_parse_krb5_wrap(talloc_tos(), *secblob, &ticket, tok_id)) {
status = NT_STATUS_LOGON_FAILURE;
@@ -232,6 +233,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session,
*out_session_flags |= SMB2_SESSION_FLAG_IS_NULL;
/* force no signing */
session->do_signing = false;
+ guest = true;
}
session->session_key = session->session_info->session_key;
@@ -267,7 +269,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session,
* so that the response can be signed
*/
smb2req->session = session;
- if (session->do_signing) {
+ if (guest) {
smb2req->do_signing = true;
}
@@ -429,6 +431,8 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
uint16_t *out_session_flags,
uint64_t *out_session_id)
{
+ bool guest = false;
+
if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) ||
lp_server_signing() == Required) {
session->do_signing = true;
@@ -440,6 +444,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
*out_session_flags |= SMB2_SESSION_FLAG_IS_NULL;
/* force no signing */
session->do_signing = false;
+ guest = true;
}
session->session_key = session->session_info->session_key;
@@ -479,7 +484,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
* so that the response can be signed
*/
smb2req->session = session;
- if (session->do_signing) {
+ if (!guest) {
smb2req->do_signing = true;
}