diff options
| author | Stefan Metzmacher <metze@samba.org> | 2012-08-16 15:14:51 +0200 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2012-08-17 00:54:01 +0200 |
| commit | 16edb6eb7bf48026129a85e3c00ca9309d5c54c5 (patch) | |
| tree | bca03711003bc57a921de4e71d3e700a70d15f38 /source3/smbd/smb2_server.c | |
| parent | 19ca98a162050807ad96b3a3f1f8e1982c7d2c3e (diff) | |
| download | samba-16edb6eb7bf48026129a85e3c00ca9309d5c54c5.tar.gz samba-16edb6eb7bf48026129a85e3c00ca9309d5c54c5.tar.bz2 samba-16edb6eb7bf48026129a85e3c00ca9309d5c54c5.zip | |
s3:smb2_server: try to sign an error response if we have a signing key
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Aug 17 00:54:01 CEST 2012 on sn-devel-104
Diffstat (limited to 'source3/smbd/smb2_server.c')
| -rw-r--r-- | source3/smbd/smb2_server.c | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index 027334ce13..ff4ee60e95 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -1789,8 +1789,14 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) signing_key = x->global->channels[0].signing_key; + /* + * If we have a signing key, we should + * sign the response + */ + if (signing_key.length > 0) { + req->do_signing = true; + } - req->do_signing = true; status = smb2_signing_check_pdu(signing_key, conn->protocol, SMBD_SMB2_IN_HDR_IOV(req), @@ -1799,12 +1805,23 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) return smbd_smb2_request_error(req, status); } + /* + * Now that we know the request was correctly signed + * we have to sign the response too. + */ + req->do_signing = true; + if (!NT_STATUS_IS_OK(session_status)) { return smbd_smb2_request_error(req, session_status); } } else if (opcode == SMB2_OP_CANCEL) { /* Cancel requests are allowed to skip the signing */ } else if (signing_required) { + /* + * If signing is required we try to sign + * a possible error response + */ + req->do_signing = true; return smbd_smb2_request_error(req, NT_STATUS_ACCESS_DENIED); } |