authorAndrew Bartlett <abartlet@samba.org>2004-03-27 07:33:59 +0000
committerAndrew Bartlett <abartlet@samba.org>2004-03-27 07:33:59 +0000
commite9a7e67e01c115328f95690cbf63ca1ef0b4d408 (patch)
treebe092cb1c743c040fe51f7684a562f7cc875d7ac /source3/smbd
parent59572d1297ca5c11067e98a8a01199d5f49c02f8 (diff)
Merge from HEAD the SMB signing patch that I developed a couple of weeks
ago. This patch re-adds support for 'optional' SMB signing. It also ensures that we are much more careful about when we enable signing, particularly with on-the-fly smb.conf reloads. The client code will now attempt to use smb signing by default, and disable it if the server doesn't correctly support it. Andrew Bartlett (This used to be commit e27b5cbe75d89ec839dafd52dd33101885a4c263)
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/password.c2
-rw-r--r--source3/smbd/sesssetup.c11
2 files changed, 7 insertions, 6 deletions
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 9449113ddc..ef5d0a97ac 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -269,7 +269,7 @@ int register_vuid(auth_serversupplied_info *server_info, DATA_BLOB session_key,
vuser->homes_snum = -1;
}
- if (lp_server_signing() && !vuser->guest && !srv_is_signing_active()) {
+ if (srv_is_signing_negotiated() && !vuser->guest && !srv_signing_started()) {
/* Try and turn on server signing on the first non-guest sessionsetup. */
srv_set_signing(vuser->session_key, response_blob);
}
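Review bot: The `!vuser->guest` term in the new condition means a connection that only ever sets up guest sessions never reaches `srv_set_signing()`, even though signing was negotiated, and the comment does not say what is expected to happen then when the server requires signing. Nothing visible in this hunk rejects or flags that case; presumably it is handled elsewhere, but that is worth confirming for the mandatory setting. I would extend the comment to record the intent, e.g. `/* Signing starts on the first non-guest sessionsetup; guest sessions are skipped. Test the negotiated state, not lp_server_signing(), so an smb.conf reload cannot change it mid-connection. */`. register_vuid's body starts and ends outside the hunk.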
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 244db6d2c1..b8777be697 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -294,14 +294,14 @@ static int reply_spnego_kerberos(connection_struct *conn,
SSVAL(outbuf, smb_uid, sess_vuid);
- if (!server_info->guest) {
+ if (!server_info->guest && !srv_signing_started()) {
/* We need to start the signing engine
* here but a W2K client sends the old
* "BSRSPYL " signature instead of the
* correct one. Subsequent packets will
* be correct.
*/
- srv_check_sign_mac(inbuf);
+ srv_check_sign_mac(inbuf, False);
}
}
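Review bot: The result of `srv_check_sign_mac(inbuf, False)` is discarded, so on this SPNEGO Kerberos path the MAC on the session-setup packet is never enforced, and the bare `False` gives no hint at the call site that this is the lenient mode. The existing comment explains the W2K "BSRSPYL " quirk but not that a failed check is deliberately tolerated, nor whether that tolerance should still apply when signing is required rather than optional. I would make the intent explicit with `(void)srv_check_sign_mac(inbuf, False); /* lenient: first MAC may be the W2K placeholder */` and log a failed check at debug level so the tolerated case is visible to operators. The same applies to the identical block in reply_spnego_ntlmssp in the next hunk; both functions continue outside their hunks.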
@@ -370,14 +370,15 @@ static BOOL reply_spnego_ntlmssp(connection_struct *conn, char *inbuf, char *out
SSVAL(outbuf,smb_uid,sess_vuid);
- if (!server_info->guest) {
+ if (!server_info->guest && !srv_signing_started()) {
/* We need to start the signing engine
* here but a W2K client sends the old
* "BSRSPYL " signature instead of the
* correct one. Subsequent packets will
* be correct.
*/
- srv_check_sign_mac(inbuf);
+
+ srv_check_sign_mac(inbuf, False);
}
}
}
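Review bot: This block is now a line-for-line copy of the one in reply_spnego_kerberos (same guard, same comment, same call), so any later change to the rule for starting signing has to be made in two places and can silently drift. A small static helper taking `server_info` and `inbuf`, called from both SPNEGO paths, would keep them in step. The empty line added before `srv_check_sign_mac(inbuf, False);` makes the two copies differ for no reason and can be dropped.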
@@ -920,7 +921,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
/* current_user_info is changed on new vuid */
reload_services( True );
- if (!server_info->guest && !srv_check_sign_mac(inbuf)) {
+ if (!server_info->guest && !srv_signing_started() && !srv_check_sign_mac(inbuf, True)) {
exit_server("reply_sesssetup_and_X: bad smb signature");
}
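Review bot: The new condition chains two state tests with the side-effecting `srv_check_sign_mac(inbuf, True)`, so whether the MAC is verified at all depends on short-circuit order. Nothing at the call site says why this path is strict (`True`) while the SPNEGO paths pass `False`. A comment such as `/* Non-SPNEGO sessionsetup: the first signed packet must carry a valid MAC; once signing has started this check is skipped here. */` would record that. Splitting the call out would also read more clearly, e.g. `BOOL mac_ok = server_info->guest || srv_signing_started() || srv_check_sign_mac(inbuf, True);` followed by `if (!mac_ok) {`. reply_sesssetup_and_X continues outside the hunk.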