authorVolker Lendecke <vlendec@samba.org>2003-08-12 01:15:23 +0000
committerVolker Lendecke <vlendec@samba.org>2003-08-12 01:15:23 +0000
commit46e0d25b7f3e570daffe73bad5d883f617ea291e (patch)
treebcfe388516977aac206c2df647180c31937e3979 /source3
parentdffd0f379fdbb74533ceab18d199302f3b15a7c9 (diff)
Fix client autonegotiate signing.
Jeremy. (This used to be commit a4d2dd1d40f6b1322e69d430023aa89dac86fda3)
Diffstat (limited to 'source3')
-rw-r--r--source3/lib/popt_common.c3
-rw-r--r--source3/libsmb/cliconnect.c25
2 files changed, 17 insertions, 11 deletions
diff --git a/source3/lib/popt_common.c b/source3/lib/popt_common.c
index af1cbcfe80..c120651550 100644
--- a/source3/lib/popt_common.c
+++ b/source3/lib/popt_common.c
@@ -335,7 +335,8 @@ static void popt_common_credentials_callback(poptContext con,
cmdline_auth_info.signing_state = -1;
if (strequal(arg, "off") || strequal(arg, "no") || strequal(arg, "false"))
cmdline_auth_info.signing_state = False;
- else if (strequal(arg, "on") || strequal(arg, "yes") || strequal(arg, "true"))
+ else if (strequal(arg, "on") || strequal(arg, "yes") || strequal(arg, "true") ||
+ strequal(arg, "auto") )
cmdline_auth_info.signing_state = True;
else if (strequal(arg, "force") || strequal(arg, "required") || strequal(arg, "forced"))
cmdline_auth_info.signing_state = Required;
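Review bot: The added `strequal(arg, "auto")` test maps "auto" to the same `True` state as "on"/"yes"/"true", and nothing at this branch says what that state actually promises. Judging by the cli_negprot() change in this same commit, a client in this state appears to sign only when the server's negotiate reply sets the signing-required bit, so it gives no assurance if that reply was altered in transit, while "force"/"required" fails the connection when the server does not offer signing; this is inferred from the cliconnect.c hunk and should be confirmed where signing_state is copied into sign_info. I would add a comment above the branch such as `/* "auto"/"on": sign only if the server requires it; use "force" to insist on signing */`. The stray space in `strequal(arg, "auto") )` could also go, and since the callback body starts and ends outside this hunk, what happens when signing_state is left at -1 is not visible here.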
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 1f06ebf66f..82d6fc7cef 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -1025,22 +1025,27 @@ BOOL cli_negprot(struct cli_state *cli)
smb_buflen(cli->inbuf)-8, STR_UNICODE|STR_NOALIGN);
}
- if ((cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_REQUIRED)) {
- /* Fail if signing is mandatory and we don't want to support it. */
+ /*
+ * As signing is slow we only turn it on if either the client or
+ * the server require it. JRA.
+ */
+
+ if (cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_REQUIRED) {
+ /* Fail if server says signing is mandatory and we don't want to support it. */
if (!cli->sign_info.allow_smb_signing) {
DEBUG(1,("cli_negprot: SMB signing is mandatory and we have disabled it.\n"));
return False;
}
cli->sign_info.negotiated_smb_signing = True;
- }
-
- if ((cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED) && cli->sign_info.allow_smb_signing)
+ cli->sign_info.mandatory_signing = True;
+ } else if (cli->sign_info.mandatory_signing && cli->sign_info.allow_smb_signing) {
+ /* Fail if client says signing is mandatory and the server doesn't support it. */
+ if (!(cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED)) {
+ DEBUG(1,("cli_negprot: SMB signing is mandatory and the server doesn't support it.\n"));
+ return False;
+ }
cli->sign_info.negotiated_smb_signing = True;
-
- /* Fail if signing is mandatory and the server doesn't support it. */
- if (cli->sign_info.mandatory_signing && !(cli->sign_info.negotiated_smb_signing)) {
- DEBUG(1,("cli_negprot: SMB signing is mandatory and the server doesn't support it.\n"));
- return False;
+ cli->sign_info.mandatory_signing = True;
}
} else if (cli->protocol >= PROTOCOL_LANMAN1) {