summaryrefslogtreecommitdiff
path: root/source3/smbd/negprot.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/smbd/negprot.c')
-rw-r--r--source3/smbd/negprot.c20
1 files changed, 20 insertions, 0 deletions
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index f452dd845b..28e3cf97d1 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -277,6 +277,22 @@ static int reply_nt1(char *inbuf, char *outbuf)
if (global_encrypted_passwords_negotiated)
secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
+ if (lp_server_signing()) {
+ if (lp_security() >= SEC_USER) {
+ secword |= NEGOTIATE_SECURITY_SIGNATURES_ENABLED;
+ /* No raw mode with smb signing. */
+ capabilities &= ~CAP_RAW_MODE;
+ if (lp_server_signing() == Required)
+ secword |=NEGOTIATE_SECURITY_SIGNATURES_REQUIRED;
+ srv_set_signing_negotiated();
+ } else {
+ DEBUG(0,("reply_nt1: smb signing is incompatible with share level security !\n"));
+ if (lp_server_signing() == Required) {
+ exit_server("reply_nt1: smb signing required and share level security selected.");
+ }
+ }
+ }
+
set_message(outbuf,17,0,True);
SCVAL(outbuf,smb_vwv1,secword);
@@ -521,6 +537,10 @@ int reply_negprot(connection_struct *conn,
DEBUG( 5, ( "negprot index=%d\n", choice ) );
+ if ((lp_server_signing() == Required) && (Protocol < PROTOCOL_NT1)) {
+ exit_server("SMB signing is required and client negotiated a downlevel protocol");
+ }
+
END_PROFILE(SMBnegprot);
return(outsize);
}
generated by cgit (git 2.34.1) at 2024-08-05 15:06:44 +0000