Merge branch 'master' of ssh://git.samba.org/data/git/samba

2 files changed, 11 insertions, 41 deletions

diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c
index f45cbf1756..a12bbd5cec 100644
--- a/source4/smb_server/smb/sesssetup.c
+++ b/source4/smb_server/smb/sesssetup.c
@@ -193,16 +193,6 @@ static void sesssetup_nt1_send(struct auth_check_password_request *areq,
 		goto done;
 	}
 
-	/* Force check of the request packet, now we know the session key */
-	smbsrv_signing_check_incoming(req);
-/* TODO: why don't we check the result here? */
-
-	/* Unfortunetly win2k3 as a client doesn't sign the request
-	 * packet here, so we have to force signing to start again */
-
-	smbsrv_signing_restart(req->smb_conn, &session_info->session_key, &sess->nt1.in.password2, 
-			       session_info->server_info->authenticated);
-
 done:
 	status = NT_STATUS_OK;
 failed:
@@ -321,13 +311,8 @@ static void sesssetup_spnego_send(struct gensec_update_request *greq, void *priv
 	if (!NT_STATUS_IS_OK(status)) goto failed;
 
 	skey_status = gensec_session_key(smb_sess->gensec_ctx, &session_key);
-	if (NT_STATUS_IS_OK(skey_status) &&
-	    smbsrv_setup_signing(req->smb_conn, &session_key, NULL)) {
-		/* Force check of the request packet, now we know the session key */
-		smbsrv_signing_check_incoming(req);
-
-		smbsrv_signing_restart(req->smb_conn, &session_key, NULL, 
-				       session_info->server_info->authenticated);
+	if (NT_STATUS_IS_OK(skey_status)) {
+		smbsrv_setup_signing(req->smb_conn, &session_key, NULL);
 	}
 
 	/* Ensure this is marked as a 'real' vuid, not one
diff --git a/source4/smb_server/smb/signing.c b/source4/smb_server/smb/signing.c
index ee4531c8f6..0b5cf56fdb 100644
--- a/source4/smb_server/smb/signing.c
+++ b/source4/smb_server/smb/signing.c
@@ -75,30 +75,6 @@ bool smbsrv_setup_signing(struct smbsrv_connection *smb_conn,
 					 &smb_conn->signing, session_key, response);
 }
 
-void smbsrv_signing_restart(struct smbsrv_connection *smb_conn,
-			    DATA_BLOB *session_key,
-			    DATA_BLOB *response,
-			    bool authenticated_session) 
-{
-	if (!smb_conn->signing.seen_valid) {
-		DEBUG(5, ("Client did not send a valid signature on "
-			  "SPNEGO session setup - ignored, expect good next time\n"));
-		/* force things back on (most clients do not sign this packet)... */
-		smbsrv_setup_signing(smb_conn, session_key, response);
-		smb_conn->signing.next_seq_num = 2;
-
-		/* If mandetory_signing is set, and this was an authenticated logon, then force on */
-		if (smb_conn->signing.mandatory_signing && authenticated_session) {
-			DEBUG(5, ("Configured for mandatory signing, 'good packet seen' forced on\n"));
-			/* if this is mandatory, then
-			 * pretend we have seen a
-			 * valid packet, so we don't
-			 * turn it off */
-			smb_conn->signing.seen_valid = true;
-		}
-	}
-}
-
 bool smbsrv_init_signing(struct smbsrv_connection *smb_conn)
 {
 	smb_conn->signing.mac_key = data_blob(NULL, 0);
@@ -118,10 +94,19 @@ bool smbsrv_init_signing(struct smbsrv_connection *smb_conn)
 		smb_conn->signing.mandatory_signing = true;
 		break;
 	case SMB_SIGNING_AUTO:
+		/* If we are a domain controller, SMB signing is
+		 * really important, as it can prevent a number of
+		 * attacks on communications between us and the
+		 * clients */
+
 		if (lp_server_role(smb_conn->lp_ctx) == ROLE_DOMAIN_CONTROLLER) {
 			smb_conn->signing.allow_smb_signing = true;
 			smb_conn->signing.mandatory_signing = true;
 		} else {
+			/* However, it really sucks (no sendfile, CPU
+			 * overhead) performance-wise when used on a
+			 * file server, so disable it by default (auto
+			 * is the default) on non-DCs */
 			smb_conn->signing.allow_smb_signing = false;
 		}
 		break;