summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2011-11-16 15:06:30 +0100
committerGünther Deschner <gd@samba.org>2011-11-16 18:59:49 +0100
commitaf1a2eecce1155618173aa2c9a8d9f687082a449 (patch)
tree720b98ac165582a2436230cca8ca22d998bce395 /source3
parent1a72b6c5242af82d5b9e7b4c29e20d746b459a30 (diff)
downloadsamba-af1a2eecce1155618173aa2c9a8d9f687082a449.tar.gz
samba-af1a2eecce1155618173aa2c9a8d9f687082a449.tar.bz2
samba-af1a2eecce1155618173aa2c9a8d9f687082a449.zip
s3:smbd: calculate the negprot signing flags from the signing_state
We should map from lp_server_signing() just once in srv_init_signing(). metze Signed-off-by: Günther Deschner <gd@samba.org> Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Nov 16 18:59:49 CET 2011 on sn-devel-104
Diffstat (limited to 'source3')
-rw-r--r--source3/smbd/negprot.c13
1 files changed, 10 insertions, 3 deletions
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index 9b58a79795..ae9ce5a2cf 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -28,6 +28,7 @@
#include "messages.h"
#include "smbprofile.h"
#include "auth/gensec/gensec.h"
+#include "../libcli/smb/smb_signing.h"
extern fstring remote_proto;
@@ -307,6 +308,8 @@ static void reply_nt1(struct smb_request *req, uint16 choice)
struct timespec ts;
ssize_t ret;
struct smbd_server_connection *sconn = req->sconn;
+ bool signing_enabled = false;
+ bool signing_required = false;
sconn->smb1.negprot.encrypted_passwords = lp_encrypted_passwords();
@@ -368,16 +371,20 @@ static void reply_nt1(struct smb_request *req, uint16 choice)
secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
}
- if (lp_server_signing() != SMB_SIGNING_OFF) {
+ signing_enabled = smb_signing_is_allowed(req->sconn->smb1.signing_state);
+ signing_required = smb_signing_is_mandatory(req->sconn->smb1.signing_state);
+
+ if (signing_enabled) {
if (lp_security() >= SEC_USER) {
secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED;
/* No raw mode with smb signing. */
capabilities &= ~CAP_RAW_MODE;
- if (lp_server_signing() == SMB_SIGNING_REQUIRED)
+ if (signing_required) {
secword |=NEGOTIATE_SECURITY_SIGNATURES_REQUIRED;
+ }
} else {
DEBUG(0,("reply_nt1: smb signing is incompatible with share level security !\n"));
- if (lp_server_signing() == SMB_SIGNING_REQUIRED) {
+ if (signing_required) {
exit_server_cleanly("reply_nt1: smb signing required and share level security selected.");
}
}