diff options
author | Jeremy Allison <jra@samba.org> | 2003-11-25 00:32:48 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2003-11-25 00:32:48 +0000 |
commit | b7937e569ce55605e2a837b9ee3144bca4099bc2 (patch) | |
tree | 31ea93e68e8ab25d3c8440951060132ca1b2baad /source3/libsmb | |
parent | f7bf71a34cd2f2465bf4d9e586688bda5c6700f7 (diff) | |
download | samba-b7937e569ce55605e2a837b9ee3144bca4099bc2.tar.gz samba-b7937e569ce55605e2a837b9ee3144bca4099bc2.tar.bz2 samba-b7937e569ce55605e2a837b9ee3144bca4099bc2.zip |
When server signing is set to "auto", if the client doesn't sign just
ignore it. Only fail if signing is set to "required".
Jeremy.
(This used to be commit ab5db8873e2882900baa1c74706bb907baaff7fd)
Diffstat (limited to 'source3/libsmb')
-rw-r--r-- | source3/libsmb/smb_signing.c | 25 |
1 files changed, 23 insertions, 2 deletions
diff --git a/source3/libsmb/smb_signing.c b/source3/libsmb/smb_signing.c index eec991072d..2a53638d17 100644 --- a/source3/libsmb/smb_signing.c +++ b/source3/libsmb/smb_signing.c @@ -370,7 +370,7 @@ We were expecting seq %u\n", reply_seq_number, saved_seq )); #endif /* JRATEST */ } else { - DEBUG(10, ("client_check_incoming_message:: seq %u: got good SMB signature of\n", (unsigned int)reply_seq_number)); + DEBUG(10, ("client_check_incoming_message: seq %u: got good SMB signature of\n", (unsigned int)reply_seq_number)); dump_data(10, (const char *)server_sent_mac, 8); } return signing_good(inbuf, si, good, saved_seq); @@ -743,7 +743,24 @@ We were expecting seq %u\n", reply_seq_number, saved_seq )); DEBUG(10, ("srv_check_incoming_message: seq %u: (current is %u) got good SMB signature of\n", (unsigned int)reply_seq_number, (unsigned int)data->send_seq_num)); dump_data(10, (const char *)server_sent_mac, 8); } - return signing_good(inbuf, si, good, saved_seq); + + if (!signing_good(inbuf, si, good, saved_seq)) { + if (si->mandatory_signing) { + /* Mandatory signing - fail and disconnect. */ + return False; + } else { + /* Non-mandatory signing - just turn off. */ + DEBUG(5, ("srv_check_incoming_message: signing negotiated but not required and client \ +isn't sending correct signatures. Turning off.\n")); + si->negotiated_smb_signing = False; + si->allow_smb_signing = False; + si->doing_signing = False; + free_signing_context(si); + return True; + } + } else { + return True; + } } /*********************************************************** @@ -967,6 +984,10 @@ void srv_set_signing(const DATA_BLOB user_session_key, const DATA_BLOB response) dump_data_pw("MAC ssession key is:\n", data->mac_key.data, data->mac_key.length); + DEBUG(3,("srv_set_signing: turning on SMB signing: signing negotiated = %s, mandatory_signing = %s.\n", + BOOLSTR(srv_sign_info.negotiated_smb_signing), + BOOLSTR(srv_sign_info.mandatory_signing) )); + /* Initialise the sequence number */ data->send_seq_num = 0; |