diff options
author | Volker Lendecke <vlendec@samba.org> | 2003-08-12 01:15:23 +0000 |
---|---|---|
committer | Volker Lendecke <vlendec@samba.org> | 2003-08-12 01:15:23 +0000 |
commit | 46e0d25b7f3e570daffe73bad5d883f617ea291e (patch) | |
tree | bcfe388516977aac206c2df647180c31937e3979 /source3 | |
parent | dffd0f379fdbb74533ceab18d199302f3b15a7c9 (diff) | |
download | samba-46e0d25b7f3e570daffe73bad5d883f617ea291e.tar.gz samba-46e0d25b7f3e570daffe73bad5d883f617ea291e.tar.bz2 samba-46e0d25b7f3e570daffe73bad5d883f617ea291e.zip |
Fix client autonegotiate signing.
Jeremy.
(This used to be commit a4d2dd1d40f6b1322e69d430023aa89dac86fda3)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/lib/popt_common.c | 3 | ||||
-rw-r--r-- | source3/libsmb/cliconnect.c | 25 |
2 files changed, 17 insertions, 11 deletions
diff --git a/source3/lib/popt_common.c b/source3/lib/popt_common.c index af1cbcfe80..c120651550 100644 --- a/source3/lib/popt_common.c +++ b/source3/lib/popt_common.c @@ -335,7 +335,8 @@ static void popt_common_credentials_callback(poptContext con, cmdline_auth_info.signing_state = -1; if (strequal(arg, "off") || strequal(arg, "no") || strequal(arg, "false")) cmdline_auth_info.signing_state = False; - else if (strequal(arg, "on") || strequal(arg, "yes") || strequal(arg, "true")) + else if (strequal(arg, "on") || strequal(arg, "yes") || strequal(arg, "true") || + strequal(arg, "auto") ) cmdline_auth_info.signing_state = True; else if (strequal(arg, "force") || strequal(arg, "required") || strequal(arg, "forced")) cmdline_auth_info.signing_state = Required; diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 1f06ebf66f..82d6fc7cef 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -1025,22 +1025,27 @@ BOOL cli_negprot(struct cli_state *cli) smb_buflen(cli->inbuf)-8, STR_UNICODE|STR_NOALIGN); } - if ((cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_REQUIRED)) { - /* Fail if signing is mandatory and we don't want to support it. */ + /* + * As signing is slow we only turn it on if either the client or + * the server require it. JRA. + */ + + if (cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_REQUIRED) { + /* Fail if server says signing is mandatory and we don't want to support it. */ if (!cli->sign_info.allow_smb_signing) { DEBUG(1,("cli_negprot: SMB signing is mandatory and we have disabled it.\n")); return False; } cli->sign_info.negotiated_smb_signing = True; - } - - if ((cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED) && cli->sign_info.allow_smb_signing) + cli->sign_info.mandatory_signing = True; + } else if (cli->sign_info.mandatory_signing && cli->sign_info.allow_smb_signing) { + /* Fail if client says signing is mandatory and the server doesn't support it. */ + if (!(cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED)) { + DEBUG(1,("cli_negprot: SMB signing is mandatory and the server doesn't support it.\n")); + return False; + } cli->sign_info.negotiated_smb_signing = True; - - /* Fail if signing is mandatory and the server doesn't support it. */ - if (cli->sign_info.mandatory_signing && !(cli->sign_info.negotiated_smb_signing)) { - DEBUG(1,("cli_negprot: SMB signing is mandatory and the server doesn't support it.\n")); - return False; + cli->sign_info.mandatory_signing = True; } } else if (cli->protocol >= PROTOCOL_LANMAN1) { |