Putting the framework for server signing in place. Ensure we don't use

sendfile when signing (I need to add this for readbraw/writebraw too...).
Jeremy.
(This used to be commit f2e84f1ba67b13ff29e24a38099b559d9033a680)

1 files changed, 12 insertions, 0 deletions

diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index f452dd845b..0b58eb3eb2 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -277,6 +277,14 @@ static int reply_nt1(char *inbuf, char *outbuf)
 	if (global_encrypted_passwords_negotiated)
 		secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
 	
+	if (lp_server_signing()) {
+		secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED;
+		/* No raw mode with smb signing. */
+		capabilities &= ~CAP_RAW_MODE;
+		if (lp_server_signing() == Required)
+			secword |=NEGOTIATE_SECURITY_SIGNATURES_REQUIRED;
+	}
+
 	set_message(outbuf,17,0,True);
 	
 	SCVAL(outbuf,smb_vwv1,secword);
@@ -521,6 +529,10 @@ int reply_negprot(connection_struct *conn,
   
 	DEBUG( 5, ( "negprot index=%d\n", choice ) );
 
+	if ((lp_server_signing() == Required) && (Protocol < PROTOCOL_NT1)) {
+		exit_server("SMB signing is required and client negotiated a downlevel protocol");
+	}
+
 	END_PROFILE(SMBnegprot);
 	return(outsize);
 }