diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2004-08-13 00:16:57 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:57:57 -0500 |
| commit | 7b088a8f654f34911928dcdf320ca3cf79592aed (patch) | |
| tree | 953f8a4c5d41e44815a5969b4200909bf7ce6004 /source4/smb_server/negprot.c | |
| parent | 14924a9fe708ef3c183bfbe733afb77fc2ed1274 (diff) | |
| download | samba-7b088a8f654f34911928dcdf320ca3cf79592aed.tar.gz samba-7b088a8f654f34911928dcdf320ca3cf79592aed.tar.bz2 samba-7b088a8f654f34911928dcdf320ca3cf79592aed.zip | |
r1796: Enable server-side SPNEGO, now that I have fixed the server-side SMB
signing code to be able to cope.
Andrew Bartlett
(This used to be commit cb74d52b563730a50e33c92d868c45ee96a598e8)
Diffstat (limited to 'source4/smb_server/negprot.c')
| -rw-r--r-- | source4/smb_server/negprot.c | 37 |
1 files changed, 25 insertions, 12 deletions
diff --git a/source4/smb_server/negprot.c b/source4/smb_server/negprot.c index 9e8a8f1f2c..d81900107b 100644 --- a/source4/smb_server/negprot.c +++ b/source4/smb_server/negprot.c @@ -57,6 +57,11 @@ static void reply_corep(struct smbsrv_request *req, uint16_t choice) req->smb_conn->negotiate.protocol = PROTOCOL_CORE; + if (req->smb_conn->signing.mandatory_signing) { + smbsrv_terminate_connection(req->smb_conn, + "CORE does not support SMB signing, and it is mandetory\n"); + } + req_send_reply(req); } @@ -84,6 +89,11 @@ static void reply_coreplus(struct smbsrv_request *req, uint16_t choice) req->smb_conn->negotiate.protocol = PROTOCOL_COREPLUS; + if (req->smb_conn->signing.mandatory_signing) { + smbsrv_terminate_connection(req->smb_conn, + "COREPLUS does not support SMB signing, and it is mandetory\n"); + } + req_send_reply(req); } @@ -128,6 +138,11 @@ static void reply_lanman1(struct smbsrv_request *req, uint16_t choice) get_challenge(req->smb_conn, req->out.data); } + if (req->smb_conn->signing.mandatory_signing) { + smbsrv_terminate_connection(req->smb_conn, + "LANMAN1 does not support SMB signing, and it is mandetory\n"); + } + req_send_reply(req); } @@ -171,6 +186,10 @@ static void reply_lanman2(struct smbsrv_request *req, uint16_t choice) req_push_str(req, NULL, lp_workgroup(), -1, STR_TERMINATE); + if (req->smb_conn->signing.mandatory_signing) { + smbsrv_terminate_connection(req->smb_conn, + "LANMAN2 does not support SMB signing, and it is mandetory\n"); + } req_send_reply(req); } @@ -198,7 +217,7 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice) /* do spnego in user level security if the client supports it and we can do encrypted passwords */ - if (0 && req->smb_conn->negotiate.encrypted_passwords && + if (req->smb_conn->negotiate.encrypted_passwords && (lp_security() != SEC_SHARE) && lp_use_spnego() && (req->flags2 & FLAGS2_EXTENDED_SECURITY)) { @@ -241,18 +260,12 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice) secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE; } - req->smb_conn->signing.signing_state = lp_server_signing(); - - switch (req->smb_conn->signing.signing_state) { - case SMB_SIGNING_OFF: - break; - case SMB_SIGNING_SUPPORTED: + if (req->smb_conn->signing.allow_smb_signing) { secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED; - break; - case SMB_SIGNING_REQUIRED: - secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED | - NEGOTIATE_SECURITY_SIGNATURES_REQUIRED; - break; + } + + if (req->smb_conn->signing.mandatory_signing) { + secword |= NEGOTIATE_SECURITY_SIGNATURES_REQUIRED; } req->smb_conn->negotiate.protocol = PROTOCOL_NT1; |