diff options
author | Jeremy Allison <jra@samba.org> | 2003-11-25 00:32:51 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2003-11-25 00:32:51 +0000 |
commit | efdd1ea572b1e05c3bf169a1a93dffcdabe600b5 (patch) | |
tree | baa3560bd8d0c1f05dacddc8d723467dd04cd49f | |
parent | 4e61fcbef17b48ffd76dd9b9399b6f6df63e8079 (diff) | |
download | samba-efdd1ea572b1e05c3bf169a1a93dffcdabe600b5.tar.gz samba-efdd1ea572b1e05c3bf169a1a93dffcdabe600b5.tar.bz2 samba-efdd1ea572b1e05c3bf169a1a93dffcdabe600b5.zip |
When server signing is set to "auto", if the client doesn't sign just
ignore it. Only fail if signing is set to "required".
Jeremy.
(This used to be commit 8916ddfc39c3e70265188926f24034152f0e7b6b)
-rw-r--r-- | source3/libsmb/smb_signing.c | 25 |
1 files changed, 23 insertions, 2 deletions
diff --git a/source3/libsmb/smb_signing.c b/source3/libsmb/smb_signing.c index eec991072d..2a53638d17 100644 --- a/source3/libsmb/smb_signing.c +++ b/source3/libsmb/smb_signing.c @@ -370,7 +370,7 @@ We were expecting seq %u\n", reply_seq_number, saved_seq )); #endif /* JRATEST */ } else { - DEBUG(10, ("client_check_incoming_message:: seq %u: got good SMB signature of\n", (unsigned int)reply_seq_number)); + DEBUG(10, ("client_check_incoming_message: seq %u: got good SMB signature of\n", (unsigned int)reply_seq_number)); dump_data(10, (const char *)server_sent_mac, 8); } return signing_good(inbuf, si, good, saved_seq); @@ -743,7 +743,24 @@ We were expecting seq %u\n", reply_seq_number, saved_seq )); DEBUG(10, ("srv_check_incoming_message: seq %u: (current is %u) got good SMB signature of\n", (unsigned int)reply_seq_number, (unsigned int)data->send_seq_num)); dump_data(10, (const char *)server_sent_mac, 8); } - return signing_good(inbuf, si, good, saved_seq); + + if (!signing_good(inbuf, si, good, saved_seq)) { + if (si->mandatory_signing) { + /* Mandatory signing - fail and disconnect. */ + return False; + } else { + /* Non-mandatory signing - just turn off. */ + DEBUG(5, ("srv_check_incoming_message: signing negotiated but not required and client \ +isn't sending correct signatures. Turning off.\n")); + si->negotiated_smb_signing = False; + si->allow_smb_signing = False; + si->doing_signing = False; + free_signing_context(si); + return True; + } + } else { + return True; + } } /*********************************************************** @@ -967,6 +984,10 @@ void srv_set_signing(const DATA_BLOB user_session_key, const DATA_BLOB response) dump_data_pw("MAC ssession key is:\n", data->mac_key.data, data->mac_key.length); + DEBUG(3,("srv_set_signing: turning on SMB signing: signing negotiated = %s, mandatory_signing = %s.\n", + BOOLSTR(srv_sign_info.negotiated_smb_signing), + BOOLSTR(srv_sign_info.mandatory_signing) )); + /* Initialise the sequence number */ data->send_seq_num = 0; |