diff options
| author | Jeremy Allison <jra@samba.org> | 2012-10-03 12:50:42 -0700 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2012-10-03 12:50:42 -0700 |
| commit | 49a335731a7139a5c66be596f3d544bef72a8556 (patch) | |
| tree | c0025e17dca5a33de490f0e9eaed2802acca9924 /source3 | |
| parent | c2f5b2466bb05939c953341517da6d9df814b27c (diff) | |
| download | samba-49a335731a7139a5c66be596f3d544bef72a8556.tar.gz samba-49a335731a7139a5c66be596f3d544bef72a8556.tar.bz2 samba-49a335731a7139a5c66be596f3d544bef72a8556.zip | |
Revert "Fix bug #9222 - smbd ignores the "server signing = no" setting for SMB2."
This reverts commit dfd3c31a3f9eea96854b2d22574856368e86b245.
As Metze pointed out:
From MS-SMB2 section 2.2.4:
SMB2_NEGOTIATE_SIGNING_ENABLED
When set, indicates that security signatures are enabled
on the server. The server MUST set this bit, and the client MUST return
STATUS_INVALID_NETWORK_RESPONSE if the flag is missing.
I'll submit a documentation bug to fix #9222 that way.
Diffstat (limited to 'source3')
| -rw-r--r-- | source3/smbd/smb2_negprot.c | 10 | ||||
| -rw-r--r-- | source3/smbd/smb2_sesssetup.c | 6 |
2 files changed, 4 insertions, 12 deletions
diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c index 826e0d1d2a..6adc5819ec 100644 --- a/source3/smbd/smb2_negprot.c +++ b/source3/smbd/smb2_negprot.c @@ -92,7 +92,7 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req) DATA_BLOB security_buffer; size_t expected_dyn_size = 0; size_t c; - uint16_t security_mode = 0; + uint16_t security_mode; uint16_t dialect_count; uint16_t in_security_mode; uint32_t in_capabilities; @@ -244,11 +244,9 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req) return smbd_smb2_request_error(req, NT_STATUS_INTERNAL_ERROR); } - if (lp_server_signing() != SMB_SIGNING_OFF) { - security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED; - if (lp_server_signing() == SMB_SIGNING_REQUIRED) { - security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED; - } + security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED; + if (lp_server_signing() == SMB_SIGNING_REQUIRED) { + security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED; } capabilities = 0; diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index 8bdfd49644..2599d2a63d 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c @@ -185,12 +185,6 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session, struct smbXsrv_session *x = session; struct smbXsrv_connection *conn = session->connection; - if ((lp_server_signing() == SMB_SIGNING_OFF) && - (in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED)) { - DEBUG(0,("SMB2 signing required and we have disabled it.\n")); - return NT_STATUS_ACCESS_DENIED; - } - if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) || lp_server_signing() == SMB_SIGNING_REQUIRED) { x->global->signing_required = true; |