summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/smbd/smb2_sesssetup.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index e535f17e49..c81baa53dc 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -169,6 +169,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session,
char *real_username;
bool username_was_mapped = false;
bool map_domainuser_to_guest = false;
+ bool guest = false;
if (!spnego_parse_krb5_wrap(talloc_tos(), *secblob, &ticket, tok_id)) {
status = NT_STATUS_LOGON_FAILURE;
@@ -232,6 +233,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session,
*out_session_flags |= SMB2_SESSION_FLAG_IS_NULL;
/* force no signing */
session->do_signing = false;
+ guest = true;
}
session->session_key = session->session_info->session_key;
@@ -267,7 +269,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session,
* so that the response can be signed
*/
smb2req->session = session;
- if (session->do_signing) {
+ if (guest) {
smb2req->do_signing = true;
}
@@ -429,6 +431,8 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
uint16_t *out_session_flags,
uint64_t *out_session_id)
{
+ bool guest = false;
+
if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) ||
lp_server_signing() == Required) {
session->do_signing = true;
@@ -440,6 +444,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
*out_session_flags |= SMB2_SESSION_FLAG_IS_NULL;
/* force no signing */
session->do_signing = false;
+ guest = true;
}
session->session_key = session->session_info->session_key;
@@ -479,7 +484,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
* so that the response can be signed
*/
smb2req->session = session;
- if (session->do_signing) {
+ if (!guest) {
smb2req->do_signing = true;
}