port latest changes from SAMBA_3_0 tree

(This used to be commit 3101c236b8241dc0183995ffceed551876427de4)

1 files changed, 20 insertions, 0 deletions

diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index f452dd845b..28e3cf97d1 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -277,6 +277,22 @@ static int reply_nt1(char *inbuf, char *outbuf)
 	if (global_encrypted_passwords_negotiated)
 		secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
 	
+	if (lp_server_signing()) {
+	       	if (lp_security() >= SEC_USER) {
+			secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED;
+			/* No raw mode with smb signing. */
+			capabilities &= ~CAP_RAW_MODE;
+			if (lp_server_signing() == Required)
+				secword |=NEGOTIATE_SECURITY_SIGNATURES_REQUIRED;
+			srv_set_signing_negotiated();
+		} else {
+			DEBUG(0,("reply_nt1: smb signing is incompatible with share level security !\n"));
+			if (lp_server_signing() == Required) {
+				exit_server("reply_nt1: smb signing required and share level security selected.");
+			}
+		}
+	}
+
 	set_message(outbuf,17,0,True);
 	
 	SCVAL(outbuf,smb_vwv1,secword);
@@ -521,6 +537,10 @@ int reply_negprot(connection_struct *conn,
   
 	DEBUG( 5, ( "negprot index=%d\n", choice ) );
 
+	if ((lp_server_signing() == Required) && (Protocol < PROTOCOL_NT1)) {
+		exit_server("SMB signing is required and client negotiated a downlevel protocol");
+	}
+
 	END_PROFILE(SMBnegprot);
 	return(outsize);
 }