diff options
| author | Jeremy Allison <jra@samba.org> | 2003-11-25 00:32:48 +0000 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2003-11-25 00:32:48 +0000 |
| commit | b7937e569ce55605e2a837b9ee3144bca4099bc2 (patch) | |
| tree | 31ea93e68e8ab25d3c8440951060132ca1b2baad | |
| parent | f7bf71a34cd2f2465bf4d9e586688bda5c6700f7 (diff) | |
| download | samba-b7937e569ce55605e2a837b9ee3144bca4099bc2.tar.gz samba-b7937e569ce55605e2a837b9ee3144bca4099bc2.tar.bz2 samba-b7937e569ce55605e2a837b9ee3144bca4099bc2.zip | |
When server signing is set to "auto", if the client doesn't sign just
ignore it. Only fail if signing is set to "required".
Jeremy.
(This used to be commit ab5db8873e2882900baa1c74706bb907baaff7fd)
| -rw-r--r-- | source3/libsmb/smb_signing.c | 25 |
1 files changed, 23 insertions, 2 deletions
diff --git a/source3/libsmb/smb_signing.c b/source3/libsmb/smb_signing.c index eec991072d..2a53638d17 100644 --- a/source3/libsmb/smb_signing.c +++ b/source3/libsmb/smb_signing.c @@ -370,7 +370,7 @@ We were expecting seq %u\n", reply_seq_number, saved_seq )); #endif /* JRATEST */ } else { - DEBUG(10, ("client_check_incoming_message:: seq %u: got good SMB signature of\n", (unsigned int)reply_seq_number)); + DEBUG(10, ("client_check_incoming_message: seq %u: got good SMB signature of\n", (unsigned int)reply_seq_number)); dump_data(10, (const char *)server_sent_mac, 8); } return signing_good(inbuf, si, good, saved_seq); @@ -743,7 +743,24 @@ We were expecting seq %u\n", reply_seq_number, saved_seq )); DEBUG(10, ("srv_check_incoming_message: seq %u: (current is %u) got good SMB signature of\n", (unsigned int)reply_seq_number, (unsigned int)data->send_seq_num)); dump_data(10, (const char *)server_sent_mac, 8); } - return signing_good(inbuf, si, good, saved_seq); + + if (!signing_good(inbuf, si, good, saved_seq)) { + if (si->mandatory_signing) { + /* Mandatory signing - fail and disconnect. */ + return False; + } else { + /* Non-mandatory signing - just turn off. */ + DEBUG(5, ("srv_check_incoming_message: signing negotiated but not required and client \ +isn't sending correct signatures. Turning off.\n")); + si->negotiated_smb_signing = False; + si->allow_smb_signing = False; + si->doing_signing = False; + free_signing_context(si); + return True; + } + } else { + return True; + } } /*********************************************************** @@ -967,6 +984,10 @@ void srv_set_signing(const DATA_BLOB user_session_key, const DATA_BLOB response) dump_data_pw("MAC ssession key is:\n", data->mac_key.data, data->mac_key.length); + DEBUG(3,("srv_set_signing: turning on SMB signing: signing negotiated = %s, mandatory_signing = %s.\n", + BOOLSTR(srv_sign_info.negotiated_smb_signing), + BOOLSTR(srv_sign_info.mandatory_signing) )); + /* Initialise the sequence number */ data->send_seq_num = 0; |