diff options
author | Jeremy Allison <jra@samba.org> | 2003-07-16 22:57:56 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2003-07-16 22:57:56 +0000 |
commit | 6ab5e14494ed6b579658f4fe3410759582d909cd (patch) | |
tree | b430d08de24ebf22818f4f794c129b731eccfd95 /source3/libsmb/cliconnect.c | |
parent | cdb3b5dec2b5a5ce47c2d371769976d896210041 (diff) | |
download | samba-6ab5e14494ed6b579658f4fe3410759582d909cd.tar.gz samba-6ab5e14494ed6b579658f4fe3410759582d909cd.tar.bz2 samba-6ab5e14494ed6b579658f4fe3410759582d909cd.zip |
Refactor signing code to remove most dependencies on 'struct cli'.
Ensure a server can't do a downgrade attack if client signing is mandatory.
Add a lp_server_signing() function and a 'server signing' parameter that
will act as the client one does.
Jeremy
(This used to be commit 203e4bf0bfb66fd9239e9a0656438a71280113cb)
Diffstat (limited to 'source3/libsmb/cliconnect.c')
-rw-r--r-- | source3/libsmb/cliconnect.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 0dcc9e2845..49430616b3 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -989,6 +989,11 @@ BOOL cli_negprot(struct cli_state *cli) cli->protocol = prots[SVAL(cli->inbuf,smb_vwv0)].prot; + if ((cli->protocol < PROTOCOL_NT1) && (lp_client_signing() == Required)) { + DEBUG(1,("cli_negprot: SMB signing is mandatory and the selected protocol level doesn't support it.\n")); + return False; + } + if (cli->protocol >= PROTOCOL_NT1) { /* NT protocol */ cli->sec_mode = CVAL(cli->inbuf,smb_vwv1); |