s3:smbd: return the correct security mode and capabilities in SMB2 Negotitate

metze
author: Stefan Metzmacher <metze@samba.org> 2009-05-22 21:26:03 +0200
committer: Stefan Metzmacher <metze@samba.org> 2009-05-26 09:53:05 +0200
commit: bd8a38b60e933bcffd90ea8bed75898a421cbdad (patch)
tree: 4d623677d85dbffaa2bd607c1dfb95f3db6fe27b /source3/smbd/smb2_negprot.c
parent: 53df34364416d3ce037024147788fdc968bdb31f (diff)
download: samba-bd8a38b60e933bcffd90ea8bed75898a421cbdad.tar.gz
samba-bd8a38b60e933bcffd90ea8bed75898a421cbdad.tar.bz2
samba-bd8a38b60e933bcffd90ea8bed75898a421cbdad.zip
1 files changed, 18 insertions, 5 deletions
diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c
index b976ea2399..e9464900f2 100644
--- a/source3/smbd/smb2_negprot.c
+++ b/source3/smbd/smb2_negprot.c
@@ -74,8 +74,10 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
 	size_t body_size;
 	size_t expected_dyn_size = 0;
 	size_t c;
+	uint16_t security_mode;
 	uint16_t dialect_count;
 	uint16_t dialect;
+	uint32_t capabilities;
 
 /* TODO: drop the connection with INVALI_PARAMETER */
 
@@ -103,12 +105,12 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
 
 	for (c=0; c < dialect_count; c++) {
 		dialect = SVAL(indyn, c*2);
-		if (dialect == 0x0202) {
+		if (dialect == SMB2_DIALECT_REVISION_202) {
 			break;
 		}
 	}
 
-	if (dialect != 0x0202) {
+	if (dialect != SMB2_DIALECT_REVISION_202) {
 		return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
 	}
 
@@ -129,6 +131,16 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
 		return smbd_smb2_request_error(req, NT_STATUS_INTERNAL_ERROR);
 	}
 
+	security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
+	if (lp_server_signing() == Required) {
+		security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
+	}
+
+	capabilities = 0;
+	if (lp_host_msdfs()) {
+		capabilities |= SMB2_CAP_DFS;
+	}
+
 	security_offset = SMB2_HDR_BODY + 0x40;
 	security_buffer = data_blob_const(negprot_spnego_blob.data + 16,
 					  negprot_spnego_blob.length - 16);
@@ -142,13 +154,14 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
 	}
 
 	SSVAL(outbody.data, 0x00, 0x40 + 1);	/* struct size */
-/*TODO: indicate signing enabled */
-	SSVAL(outbody.data, 0x02, 0);		/* security mode */
+	SSVAL(outbody.data, 0x02,
+	      security_mode);			/* security mode */
 	SSVAL(outbody.data, 0x04, dialect);	/* dialect revision */
 	SSVAL(outbody.data, 0x06, 0);		/* reserved */
 	memcpy(outbody.data + 0x08,
 	       negprot_spnego_blob.data, 16);	/* server guid */
-	SIVAL(outbody.data, 0x18, 0);		/* capabilities */
+	SIVAL(outbody.data, 0x18,
+	      capabilities);			/* capabilities */
 	SIVAL(outbody.data, 0x1C, 0x00010000);	/* max transact size */
 	SIVAL(outbody.data, 0x20, 0x00010000);	/* max read size */
 	SIVAL(outbody.data, 0x24, 0x00010000);	/* max write size */
author	Stefan Metzmacher <metze@samba.org>	2009-05-22 21:26:03 +0200
committer	Stefan Metzmacher <metze@samba.org>	2009-05-26 09:53:05 +0200
commit	bd8a38b60e933bcffd90ea8bed75898a421cbdad (patch)
tree	4d623677d85dbffaa2bd607c1dfb95f3db6fe27b /source3/smbd/smb2_negprot.c
parent	53df34364416d3ce037024147788fdc968bdb31f (diff)
download	samba-bd8a38b60e933bcffd90ea8bed75898a421cbdad.tar.gz samba-bd8a38b60e933bcffd90ea8bed75898a421cbdad.tar.bz2 samba-bd8a38b60e933bcffd90ea8bed75898a421cbdad.zip