Refactor signing code to remove most dependencies on 'struct cli'.

Ensure a server can't do a downgrade attack if client signing is mandatory. Add a lp_server_signing() function and a 'server signing' parameter that will act as the client one does. Jeremy (This used to be commit 203e4bf0bfb66fd9239e9a0656438a71280113cb)
author: Jeremy Allison <jra@samba.org> 2003-07-16 22:57:56 +0000
committer: Jeremy Allison <jra@samba.org> 2003-07-16 22:57:56 +0000
commit: 6ab5e14494ed6b579658f4fe3410759582d909cd (patch)
tree: b430d08de24ebf22818f4f794c129b731eccfd95 /source3/libsmb/cliconnect.c
parent: cdb3b5dec2b5a5ce47c2d371769976d896210041 (diff)
download: samba-6ab5e14494ed6b579658f4fe3410759582d909cd.tar.gz
samba-6ab5e14494ed6b579658f4fe3410759582d909cd.tar.bz2
samba-6ab5e14494ed6b579658f4fe3410759582d909cd.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 0dcc9e2845..49430616b3 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -989,6 +989,11 @@ BOOL cli_negprot(struct cli_state *cli)
 
 	cli->protocol = prots[SVAL(cli->inbuf,smb_vwv0)].prot;	
 
+	if ((cli->protocol < PROTOCOL_NT1) && (lp_client_signing() == Required)) {
+		DEBUG(1,("cli_negprot: SMB signing is mandatory and the selected protocol level doesn't support it.\n"));
+		return False;
+	}
+
 	if (cli->protocol >= PROTOCOL_NT1) {    
 		/* NT protocol */
 		cli->sec_mode = CVAL(cli->inbuf,smb_vwv1);
author	Jeremy Allison <jra@samba.org>	2003-07-16 22:57:56 +0000
committer	Jeremy Allison <jra@samba.org>	2003-07-16 22:57:56 +0000
commit	6ab5e14494ed6b579658f4fe3410759582d909cd (patch)
tree	b430d08de24ebf22818f4f794c129b731eccfd95 /source3/libsmb/cliconnect.c
parent	cdb3b5dec2b5a5ce47c2d371769976d896210041 (diff)
download	samba-6ab5e14494ed6b579658f4fe3410759582d909cd.tar.gz samba-6ab5e14494ed6b579658f4fe3410759582d909cd.tar.bz2 samba-6ab5e14494ed6b579658f4fe3410759582d909cd.zip